diff options
| author | Glenn Morris <rgm@gnu.org> | 2011-12-06 00:31:42 -0800 |
|---|---|---|
| committer | Glenn Morris <rgm@gnu.org> | 2011-12-06 00:31:42 -0800 |
| commit | 5580f89da876cdc9cd47f036834172073ee00b95 (patch) | |
| tree | 9155fcdaa3447d6a3da3162ead7afd3e1c7a0aaa /lisp/emacs-lisp | |
| parent | 2bf2618007dd1f5038ae741a693c3924aee86e78 (diff) | |
| download | emacs-5580f89da876cdc9cd47f036834172073ee00b95.tar.gz emacs-5580f89da876cdc9cd47f036834172073ee00b95.tar.bz2 emacs-5580f89da876cdc9cd47f036834172073ee00b95.zip | |
* lisp/emacs-lisp/package.el (package-archives): Doc fix re riskiness.
Diffstat (limited to 'lisp/emacs-lisp')
| -rw-r--r-- | lisp/emacs-lisp/package.el | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 8417aa8d380..a1513039a98 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -113,6 +113,8 @@ ;;; ToDo: +;; - a trust mechanism, since compiling a package can run arbitrary code. +;; For example, download package signatures and check that they match. ;; - putting info dirs at the start of the info path means ;; users see a weird ordering of categories. OTOH we want to ;; override later entries. maybe emacs needs to enforce @@ -224,7 +226,10 @@ Each element has the form (ID . LOCATION). LOCATION specifies the base location for the archive. If it starts with \"http:\", it is treated as a HTTP URL; otherwise it should be an absolute directory name. - (Other types of URL are currently not supported.)" + (Other types of URL are currently not supported.) + +Only add locations that you trust, since fetching and installing +a package can run arbitrary code." :type '(alist :key-type (string :tag "Archive name") :value-type (string :tag "URL or directory name")) :risky t |