emacs-devel

Re: Easy configuration of a site-lisp directory


From: Arthur Miller
Subject: Re: Easy configuration of a site-lisp directory
Date: Mon, 09 Aug 2021 17:27:06 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

dick <dick.r.chiang@gmail.com> writes:

>> Never heard of Elpaso before. What is the advantage compared to straight?
>
> It embraces package.el.  Straight would prefer its users eliminate all
> package.el configuration.  As I am a contemptuous (and contemptible) being,
> I'll take this opportunity to badmouth straight.  Its answer to GNU ELPA being
> "stupidly complex" was hosting a Heroku mirror to "bypass terrible package
> management decisions" and to avoid having to understand the elpa-admin
> code. [1] One particularly unsightly side effect of this is 50 lines of gnarly
> elisp to get around org-mode's needing a preliminary call to `make`.

OK, thanks for the bird's-eye view. I actually took some time to skim
through the GitHub page; I read now that it is an explicit goal to be
incompatible with package.el.

> It's also impossible to take seriously a README that is 23,000 words,

Well, I don't think the author meant you to take him seriously in all
those words either :-):

"straight.el frees you from needing to think about package management,
since I already did all the thinking to figure how best to design
everything."

He does have humour.

> My reading of r/emacs suggests roughly half the forum's enthusiasts
> use straight, not to mention all the zoomer doomers.

Yes, straight seems to be very popular. I don't use it myself, but
as I understand it, people really like to be able to just auto-download code
from some online git repo. Doom indeed has added a lot to its popularity.

>> a centralized reviewed source is also at least some security safety net.
>
> Statements like this only encourage the invidious-minded among us to "check
> your privilege."  It's obvious to everyone that baseline measures like
> package-signing or secure http only ensure the trojan horse you're getting is
> authentically the trojan horse that my blackhat alias wrote.  The ELPAs rely
> on our good faith and the limited financial upside of exploiting a userbase of
> our modest size (and probably modest means -- emacsers use free software not
> only for philosophical reasons!).

Well, I hope that someone who is managing Elpa (Stefans?) is looking at
what people contribute to it. By "looking at" I mean looking as in a
"code review"? At least that seems to be the case with Melpa.

But yes, in general, of course, it is a weak guarantee, but for
non-developers it is at least some guarantee. For a developer it is
probably a no-brainer to decide if something is bull or OK; I use loads of
lisp code from people's gits, emacs wiki and other places which are not
in elpa/melpa repos, but for some random Joe who never opened a lisp
file it can be the difference between opening the computer to the mafia or
running something secure. I admit that it indeed is a low risk
considering the current (un)popularity of Emacs, but I wouldn't count on
that one.

> [1] https://github.com/raxod502/straight.el/issues/762#issuecomment-841859211
