From: Glenn Morris Date: Tue, 6 Dec 2011 08:31:42 +0000 (-0800) Subject: * lisp/emacs-lisp/package.el (package-archives): Doc fix re riskiness. X-Git-Tag: emacs-pretest-24.0.93~216 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=5580f89da876cdc9cd47f036834172073ee00b95;p=emacs.git * lisp/emacs-lisp/package.el (package-archives): Doc fix re riskiness. --- diff --git a/lisp/ChangeLog b/lisp/ChangeLog index c222302cc9d..894a66b2cab 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,7 @@ +2011-12-06 Glenn Morris + + * emacs-lisp/package.el (package-archives): Doc fix re riskiness. + 2011-12-06 Chong Yidong * progmodes/cc-fonts.el (c-annotation-face): Use defface. diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 8417aa8d380..a1513039a98 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -113,6 +113,8 @@ ;;; ToDo: +;; - a trust mechanism, since compiling a package can run arbitrary code. +;; For example, download package signatures and check that they match. ;; - putting info dirs at the start of the info path means ;; users see a weird ordering of categories. OTOH we want to ;; override later entries. maybe emacs needs to enforce @@ -224,7 +226,10 @@ Each element has the form (ID . LOCATION). LOCATION specifies the base location for the archive. If it starts with \"http:\", it is treated as a HTTP URL; otherwise it should be an absolute directory name. - (Other types of URL are currently not supported.)" + (Other types of URL are currently not supported.) + +Only add locations that you trust, since fetching and installing +a package can run arbitrary code." :type '(alist :key-type (string :tag "Archive name") :value-type (string :tag "URL or directory name")) :risky t
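Review bot: In the package.el ToDo hunk (@@ -113,6 +113,8), the new item says "download package signatures and check that they match" without saying what they are checked against. A signature fetched from the same archive as the package only helps if it is verified against a key the user already trusts, so the item should say so, for example "verify package signatures against keys the user already trusts". The item also names "compiling a package" as the step that runs arbitrary code, while the docstring added in the same commit says "fetching and installing"; the two should use the same wording so readers do not assume that only byte-compilation is risky.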
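Review bot: In the package-archives docstring hunk (@@ -224,7 +226,10), the added sentence "Only add locations that you trust" covers the archive operator but not the transport. The same docstring states that a LOCATION starting with "http:" is the only supported URL type, and a plain HTTP fetch is neither authenticated nor integrity-protected, so content from a trusted location can still be altered in transit. Suggest extending the warning to say so, for example by adding that archives fetched over "http:" are not verified, which also ties the docstring to the trust mechanism listed in the ToDo section.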