help-gnu-emacs

RE: Sv: Install orgmode using its git repository.


From: arthur miller
Subject: RE: Sv: Install orgmode using its git repository.
Date: Mon, 28 Dec 2020 23:16:34 +0000

None of what you write is particularly adequate "addressing" of potential 
security vulnerability that lets potential malicious code 1) install anything 
on your machine 2) steal your data 3) destroy your data.

Maybe a virtual machine, but then you wouldn't be running your Emacs for 
anything sensitive or serious.

A reviewed package from elpa/melpa gives at least some guarantee that you are 
not getting binary blobs and/or directly malicious code installed on your 
machine.


-------- Original message --------
From: David Masterson <dsmasterson92630@outlook.com>
Date: 2020-12-28 22:44 (GMT+01:00)
To: arthur miller <arthur.miller@live.com>
Cc: Hongyi Zhao <hongyi.zhao@gmail.com>, Stefan Monnier 
<monnier@iro.umontreal.ca>, help-gnu-emacs <help-gnu-emacs@gnu.org>
Subject: Re: Sv: Install orgmode using its git repository.

arthur miller <arthur.miller@live.com> writes:

> I don't think it is very safe practice to install random Joe's code
> directly from some git repo. We have not yet seen malicious code (not
> that I know) in Emacs community, but Emacs in that respect is as bad
> as MS Office from time when VBA scripts (and viruses) were shared
> wildly around, or a web browser with JS that can do anything. Remember
> time when JS was off by default in all browsers?  Elisp can do
> whatever on your computer, so you should be careful what you
> install. Installing from random git repos can open you for more
> security problems than needed. I do clone lots from gitlab/github, but
> I always look at the code myself before I ever run it.
>
> Another point is that installing from git and different branches as it
> is possible with straight.el or quelpa (is what OP actually wants) can
> eventually lead to incompatibility between code that might be much
> harder to detect. I personally don't want to bother with latest-latest
> of all latest because eventually it could become a spaghetti code of
> possible incompatibility and clashes.

You can address these points in multiple ways:

1. A good backup and restore strategy
2. Virtual machines (i.e. a chromebook)
3. prioritize (m)elpa-stable over (m)elpa
4. el-get can get particular version from git
...

--
David Masterson
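
Item 3 of the list above ("prioritize (m)elpa-stable over (m)elpa"), written out as an added example that is not part of either poster's message. The priority numbers and the choice to pin Org to GNU ELPA are assumptions made for illustration.

```elisp
;; Added example, not from the thread. Priority numbers are illustrative.
(require 'package)

;; The archives package.el is allowed to install from.
(setq package-archives
      '(("gnu"          . "https://elpa.gnu.org/packages/")
        ("melpa-stable" . "https://stable.melpa.org/packages/")
        ("melpa"        . "https://melpa.org/packages/")))

;; When several archives offer the same package, the archive with the
;; higher number wins, even if a lower-priority archive has a newer build.
(setq package-archive-priorities
      '(("gnu"          . 30)
        ("melpa-stable" . 20)
        ("melpa"        . 10)))

;; Pin Org to one archive so it is never taken from a snapshot build.
(setq package-pinned-packages
      '((org . "gnu")))

;; Verify signatures whenever an archive provides them (GNU ELPA does);
;; packages from archives that do not sign are still accepted.
(setq package-check-signature 'allow-unsigned)

(package-initialize)
```

Priorities only decide between archives that carry the same package: a package published only in the lowest-priority archive is still installed from there.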

