From: Jean Louis <bugs@gnu.support>
To: Tim Cross <theophilusx@gmail.com>
Cc: emacs-orgmode@gnu.org
Subject: Re: One vs many directories
Date: Wed, 25 Nov 2020 08:06:13 +0300 [thread overview]
Message-ID: <X73mRRL4hEL1zYir@protected.rcdrun.com> (raw)
In-Reply-To: <875z5uxzev.fsf@gmail.com>
* Tim Cross <theophilusx@gmail.com> [2020-11-24 23:40]:
> If people are really concerned about security, they should look first at
> their use of repositories like MELPA. There is no formal review or
> analysis of packages in these repositories, yet people will happily
> select some package and install it.
Interesting that you are one who mentions that. There are just few
people ever mentioned it.
I am still in process of the review of MELPA packages and its
system. There are many security issues.
Package signing is one example. It does not offer much of security
when packages are signed automatically, but it raises level of
security.
MELPA packages and archive-contents are not PGP signed, while GNU ELPA
packages are signed.
Licensing issues are also a problem with MELPA as it becomes unclear
if I have got the license or not when author does not have a proper
name. It is not relevant if majority of people do not think or are not
aware of licensing as I have to think of it for software that I may
re-use, distribute, modify. Did I really get the license if user is
named "nick-abc" and have no possible contact information? In some
cases for subset of MELPA packages there is no way to verify who
really wrote piece of software and if I have received the license
legally. Due diligence is on my side. I cannot just claim "But he gave
me license" will not help if I have not done proper due diligence,
court would not be on my side.
Other issue is that MELPA philosophy is to accept any kind of software
even if software has been made to drive or control proprietary
software.
For that reason there is now non-GNU ELPA being developed where useful
packages will be distributed from.
next prev parent reply other threads:[~2020-11-25 5:20 UTC|newest]
Thread overview: 151+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-21 0:33 One vs many directories Texas Cyberthal
2020-11-21 5:13 ` Ihor Radchenko
2020-11-21 7:56 ` Jean Louis
2020-11-21 8:31 ` Texas Cyberthal
2020-11-21 9:29 ` Marvin ‘quintus’ Gülker
2020-11-21 10:21 ` Jean Louis
2020-11-21 15:00 ` Texas Cyberthal
2020-11-21 16:08 ` Jean Louis
2020-11-21 15:03 ` Dr. Arne Babenhauserheide
2020-11-21 15:45 ` Texas Cyberthal
2020-11-21 17:12 ` Jean Louis
2020-11-21 18:01 ` Texas Cyberthal
2020-11-21 18:57 ` Jean Louis
2020-11-22 6:36 ` Ihor Radchenko
2020-11-22 7:20 ` Jean Louis
2020-11-22 8:32 ` Ihor Radchenko
2020-11-22 8:56 ` Jean Louis
2020-11-21 22:36 ` Dr. Arne Babenhauserheide
[not found] ` <CAMUm491Psp0u5JKyGROP6M=UfAcvOLTtOKAD1rOearV+KxgYdQ@mail.gmail.com>
[not found] ` <87r1olfvh4.fsf@web.de>
2020-11-23 9:50 ` Texas Cyberthal
2020-11-23 13:17 ` Jean Louis
2020-11-23 14:16 ` Ihor Radchenko
2020-11-23 18:08 ` Is Org really so simple? Jean Louis
2020-11-23 20:41 ` Tom Gillespie
2020-11-24 5:06 ` Jean Louis
2020-11-26 3:08 ` Ihor Radchenko
2020-11-26 8:57 ` Jean Louis
2020-11-29 7:20 ` Ihor Radchenko
2020-11-29 16:22 ` Jean Louis
2020-11-26 18:07 ` Dr. Arne Babenhauserheide
2020-11-26 23:09 ` David Rogers
2020-11-27 0:43 ` Tim Cross
2020-11-27 2:56 ` Jean Louis
2020-11-23 16:07 ` One vs many directories Texas Cyberthal
2020-11-23 19:20 ` Jean Louis
2020-11-24 7:55 ` Ihor Radchenko
2020-11-28 16:16 ` Jean Louis
2020-11-28 16:33 ` Christopher Dimech
2020-11-25 6:57 ` Texas Cyberthal
2020-11-25 9:51 ` Jean Louis
2020-11-25 10:39 ` Texas Cyberthal
2020-11-25 11:02 ` Jean Louis
2020-11-26 16:04 ` Texas Cyberthal
2020-11-26 17:31 ` Jean Louis
2020-11-27 9:00 ` Texas Cyberthal
2020-11-27 10:45 ` Jean Louis
2020-11-28 8:18 ` Texas Cyberthal
2020-11-28 10:09 ` Jean Louis
2020-11-29 6:18 ` Texas Cyberthal
2020-11-29 6:53 ` Jean Louis
2020-11-30 7:35 ` Texas Cyberthal
2020-11-30 7:50 ` Ihor Radchenko
2020-11-30 10:25 ` Texas Cyberthal
2020-11-30 10:57 ` Jean Louis
2020-11-30 12:27 ` Ihor Radchenko
2020-11-30 12:28 ` Ihor Radchenko
2020-11-30 19:00 ` Jean Louis
2020-12-02 2:56 ` Ihor Radchenko
2020-12-02 6:14 ` Jean Louis
2020-12-02 7:23 ` Ihor Radchenko
2020-11-21 16:55 ` Jean Louis
2020-11-21 22:48 ` Dr. Arne Babenhauserheide
2020-11-22 0:48 ` Jean Louis
2020-11-22 2:47 ` briangpowell
2020-11-22 17:55 ` Jean Louis
2020-11-21 6:12 ` Palak Mathur
2020-11-21 9:04 ` Jean Louis
2020-11-21 6:36 ` Jean Louis
2020-11-21 7:17 ` Texas Cyberthal
2020-11-21 9:53 ` Jean Louis
2020-11-21 10:15 ` Tim Cross
2020-11-21 11:18 ` Jean Louis
2020-11-21 14:44 ` Texas Cyberthal
2020-11-21 15:45 ` Jean Louis
2020-11-23 5:40 ` Ihor Radchenko
2020-11-24 9:00 ` Jean Louis
2020-11-24 9:45 ` Eric S Fraga
2020-11-24 9:51 ` Jean Louis
2020-11-24 11:42 ` Eric S Fraga
2020-11-24 13:13 ` Diego Zamboni
2020-11-24 13:49 ` Jean Louis
2020-11-24 17:02 ` Jean Louis
2020-11-24 18:50 ` Dr. Arne Babenhauserheide
2020-11-24 18:58 ` Jean Louis
2020-11-25 6:39 ` Tim Cross
2020-11-25 12:38 ` Local variables insecurities - " Jean Louis
2020-11-25 13:05 ` Eric S Fraga
2020-11-25 13:13 ` Jean Louis
2020-11-25 13:58 ` Eric S Fraga
2020-11-25 14:07 ` Jean Louis
2020-11-25 20:54 ` Tim Cross
2020-11-25 22:09 ` Jean Louis
2020-11-26 2:06 ` Tom Gillespie
2020-11-26 5:06 ` Jean Louis
2020-11-26 5:31 ` Jean Louis
2020-11-26 6:18 ` Tom Gillespie
2020-11-26 9:10 ` Jean Louis
2020-11-26 11:44 ` Detlef Steuer
2020-11-26 12:06 ` Jean Louis
2020-11-26 5:34 ` Greg Minshall
2020-11-26 5:49 ` Jean Louis
2020-11-26 8:39 ` Christian Moe
2020-11-25 8:10 ` Dr. Arne Babenhauserheide
2020-11-25 8:36 ` Local variables liberties Jean Louis
2020-11-24 20:11 ` One vs many directories Tom Gillespie
2020-11-24 20:39 ` Tim Cross
2020-11-25 4:54 ` Jean Louis
2020-11-25 5:54 ` Tim Cross
2020-11-25 7:01 ` Local variables issue - " Jean Louis
2020-11-25 5:06 ` Jean Louis [this message]
2020-11-25 7:00 ` Tim Cross
2020-11-25 8:23 ` Security issues in Emacs packages Jean Louis
2020-11-25 9:07 ` tomas
2020-11-25 9:26 ` Jean Louis
2020-11-25 10:41 ` tomas
2020-11-25 22:46 ` Tim Cross
2020-11-25 23:07 ` Jean Louis
2020-11-25 23:39 ` Tim Cross
2020-11-26 5:24 ` Jean Louis
2020-11-26 6:46 ` Tim Cross
2020-11-26 5:29 ` Greg Minshall
2020-11-26 5:53 ` Jean Louis
2020-11-26 6:35 ` Tim Cross
2020-11-26 12:27 ` Greg Minshall
2020-11-26 22:20 ` Tim Cross
2020-11-27 2:19 ` Jean Louis
2020-11-27 4:42 ` Greg Minshall
2020-11-25 4:44 ` One vs many directories Jean Louis
2020-11-25 10:19 ` org-sbe to automate some source block executions Jean Louis
2020-11-25 11:39 ` Ihor Radchenko
2020-11-25 15:06 ` Jean Louis
2020-11-25 11:46 ` One vs many directories Jean Louis
2020-11-25 13:07 ` Eric S Fraga
2020-11-25 13:14 ` Jean Louis
2020-11-25 13:12 ` Ihor Radchenko
2020-11-25 13:32 ` Jean Louis
2020-11-24 18:47 ` Dr. Arne Babenhauserheide
2020-11-24 18:54 ` Jean Louis
2020-11-25 8:14 ` Dr. Arne Babenhauserheide
2020-11-25 8:46 ` Jean Louis
2020-11-25 11:46 ` Ihor Radchenko
2020-11-26 12:47 ` Jean Louis
2020-11-26 13:27 ` Ihor Radchenko
2020-12-02 10:12 ` Jean Louis
2020-12-02 9:49 ` Jean Louis
2020-11-26 3:47 ` Ihor Radchenko
2020-11-26 3:32 ` Ihor Radchenko
2020-11-26 11:58 ` Jean Louis
2020-11-29 7:56 ` Ihor Radchenko
2020-11-29 17:57 ` Jean Louis
2020-11-21 13:41 ` Jonathan McHugh
2020-11-21 14:04 ` Jean Louis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X73mRRL4hEL1zYir@protected.rcdrun.com \
--to=bugs@gnu.support \
--cc=emacs-orgmode@gnu.org \
--cc=theophilusx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).