From: | Andrea Corallo |
Subject: | Re: Why are so many great packages not trying to get included in GNU Emacs? |
Date: | Fri, 24 Apr 2020 08:56:20 +0000 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Tim Cross <address@hidden> writes:

> I don't think it is quite that simple.
>
> You're not just trusting that person will do the right thing. You are
> also trusting that they also have good operational security. It is
> precisely this sort of trust model which resulted in a number of
> GNU/Linux distributions being compromised in the past.

IMO the comparison does not stand. We are not talking about a big volume of binaries hard to verify that are continuously pushed by developers.

With the current volume of commits we have on ELPA the eyes of other developers on elpa-diffs are sufficient.

I believe giving a little more responsibility to developers is also a fundamental stimulus to involve them more. This need for security is most likely not to be beneficial and BTW I'm not sure it is backed up by specific examples from the past that happened in the ELPA repo.

Lastly wanted to mention that yeah... as a last resource 'git revert' exists :)

Regards

Andrea

--
address@hidden