emacs-devel

Re: Proposal for an Emacs User Survey


From: Jean Louis
Subject: Re: Proposal for an Emacs User Survey
Date: Fri, 16 Oct 2020 21:57:10 +0300
User-agent: Mutt/1.14.0 (2020-05-02)

* Thibaut Verron <thibaut.verron@gmail.com> [2020-10-16 10:54]:
> I personally don't think many users install non-free software because
> they saw it wrapped in a Melpa package.

- helm-lastpass was downloaded 777 times
- lastpass was downloaded 987 times

1 user guided to use non-free software is already many.

- chatwork package was downloaded 1093 times

> Taking the example of emacs-lastpass given above, I don't see how
> anyone would even find this package without searching for it with the
> keyword "lastpass".

They can find it in the list; for the majority of packages I did not
search by keyword, I was just downloading, inspecting the code for a short
time, and trying to use it.

> The audience, rather, is users who are currently using Lastpass in
> their browsers but are interested in bringing some of their online
> activities to Emacs, but rely on their password manager to do so.

That is not based on data, unless you have made an opinion poll for that
specific package.

I really think that some users will download lastpass when
they see there is an Emacs package for lastpass.

I have downloaded packages like the espeak or festival speech packages, which
are free software, when I saw there were Emacs packages for
speech; in the same way users will be guided to proprietary software.

MELPA is to ELPA what Archlinux and Debian are to Guix and other free
software distributions. They do not explicitly warn users about
proprietary software, even though I do not think MELPA is letting
non-free software be distributed.

> I absolutely support the fact that Melpa is not activated by default,
> and that there should be a warning about the existence of those
> packages everywhere possible. But I still consider that the value of
> those packages outweigh their dangers, just like the win32 build of
> Emacs.

Wrapped proprietary software is a security issue, and the largest danger is
the lack of security, as MELPA is not reviewing software updates; at any time
malicious code can be inserted, which could affect thousands of users.

Here is an example of when Gentoo Linux was cracked on GitHub:
https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/

Here is an example of when the Linux Mint distribution was cracked:
https://www.techrepublic.com/article/why-the-linux-mint-hack-is-an-indicator-of-a-larger-problem/


