diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index c222302cc9d9c9e99eaad175e0a81ef4eaca35bd..894a66b2cabcc692765e2284976ecd4d95c17e50 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,7 @@
+2011-12-06 Glenn Morris
+
+ * emacs-lisp/package.el (package-archives): Doc fix re riskiness.
+
 2011-12-06 Chong Yidong
 * progmodes/cc-fonts.el (c-annotation-face): Use defface.
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 8417aa8d380ab8266726a2828caf72cc8a6b1d7c..a1513039a9813f041a623951923e8547909b822d 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -113,6 +113,8 @@
 ;;; ToDo:
+;; - a trust mechanism, since compiling a package can run arbitrary code.
+;; For example, download package signatures and check that they match.
 ;; - putting info dirs at the start of the info path means
 ;; users see a weird ordering of categories. OTOH we want to
 ;; override later entries. maybe emacs needs to enforce
@@ -224,7 +226,10 @@ Each element has the form (ID . LOCATION).
 LOCATION specifies the base location for the archive.
 If it starts with \"http:\", it is treated as a HTTP URL;
 otherwise it should be an absolute directory name.
- (Other types of URL are currently not supported.)"
+ (Other types of URL are currently not supported.)
+
+Only add locations that you trust, since fetching and installing
+a package can run arbitrary code."
 :type '(alist :key-type (string :tag "Archive name")
 :value-type (string :tag "URL or directory name"))
 :risky t
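Review bot: The ToDo entry added in the `@@ -113` hunk of package.el says "download package signatures and check that they match" without saying what they are checked against; a signature fetched from the same archive as the package only adds assurance if it is verified with a key the user already holds. The entry also names only compiling as the risky step, while the package-archives docstring changed in the same commit says fetching and installing can run code, so the two descriptions should agree. I would word the two lines as `;; - a trust mechanism, since installing a package can run arbitrary code.` and `;;   For example, verify package signatures with keys the user already trusts.` The ToDo list continues outside the hunk.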
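Review bot: The warning added to the package-archives docstring in the `@@ -224` hunk covers trust in the archive but not in the transport. The same docstring states that only "http:" URLs and local directories are supported, and the ToDo entry added in this commit records that there is no trust mechanism yet, so data from a remote archive appears to be used without any integrity check. A user who adds only archives they trust is still exposed to anyone able to alter the traffic between them and the archive. I would extend the new paragraph with one sentence such as `Remote archives are fetched over plain HTTP and packages are not verified, so the network path to the archive must be trusted as well.` The defcustom begins before the hunk.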