emacs-twist / twist.nix

Build an entire Emacs configuration as a Nix package in a pure, reproducible way
GNU General Public License v3.0

Add a rationale to the readme #3

Closed akirak closed 2 years ago

akirak commented 2 years ago

The goal of this project is to provide a framework with which the user can lock and update individual packages in his/her config. The primary reason behind this goal is security, and the issue has been discussed several times:

(There are more reddit threads on the topic, and you can easily reach them via DuckDuckGo.)

I haven't described it in the README yet. I find it difficult to concisely describe the reason, but I will have to do that.

cbowdon provides the following checklist, and Twist would help with the first criterion:

  • reviewing every single update prior to installing (hardly feasible)
  • code signing (not sure if package.el supports this though)
  • waiting before updating, in hopes that an attack would be discovered before you install
  • installing fewer packages to limit potential exposure
  • generic measures like not running as root and having endpoint protection on Windows

akirak commented 2 years ago

I have briefly explained the intention in the README of twist.el. Comprehensive introductory material will be added in the future.