* lisp/emacs-lisp/package.el (package-archives): Doc fix re riskiness.

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index c222302cc9d9c9e99eaad175e0a81ef4eaca35bd..894a66b2cabcc692765e2284976ecd4d95c17e50 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,7 @@
+2011-12-06  Glenn Morris  <rgm@gnu.org>
+
+       * emacs-lisp/package.el (package-archives): Doc fix re riskiness.
+
 2011-12-06  Chong Yidong  <cyd@gnu.org>
 
        * progmodes/cc-fonts.el (c-annotation-face): Use defface.

diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 8417aa8d380ab8266726a2828caf72cc8a6b1d7c..a1513039a9813f041a623951923e8547909b822d 100644 (file)
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -113,6 +113,8 @@
 
 ;;; ToDo:
 
+;; - a trust mechanism, since compiling a package can run arbitrary code.
+;;   For example, download package signatures and check that they match.
 ;; - putting info dirs at the start of the info path means
 ;;   users see a weird ordering of categories.  OTOH we want to
 ;;   override later entries.  maybe emacs needs to enforce
@@ -224,7 +226,10 @@ Each element has the form (ID . LOCATION).
  LOCATION specifies the base location for the archive.
   If it starts with \"http:\", it is treated as a HTTP URL;
   otherwise it should be an absolute directory name.
-  (Other types of URL are currently not supported.)"
+  (Other types of URL are currently not supported.)
+
+Only add locations that you trust, since fetching and installing
+a package can run arbitrary code."
   :type '(alist :key-type (string :tag "Archive name")
                 :value-type (string :tag "URL or directory name"))
   :risky t