From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Sun, 22 Dec 2024 08:12:49 +0200
Message-ID: <86h66w6yam.fsf@gnu.org>
References: <87bjx43gp7.fsf@pub.pink>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@mail.gmail.com>
 <jwv4j2wcsvj.fsf-monnier+emacs@gnu.org>
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="21340"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: acorallo@gnu.org, jm@pub.pink, stefankangas@gmail.com,
 75017@debbugs.gnu.org
To: Stefan Monnier <monnier@iro.umontreal.ca>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 22 07:14:21 2024
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1tPFEK-0005Or-VQ
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 22 Dec 2024 07:14:21 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1tPFE4-0005e1-Gr; Sun, 22 Dec 2024 01:14:04 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tPFE2-0005dE-Vv
 for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 01:14:03 -0500
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tPFE2-0007on-Nc
 for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 01:14:02 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=References:In-Reply-To:From:Date:To:Subject;
 bh=YLVOLab8pBDgZZB1sQkSe8wrVNn9e/edtk7OH5o/bE8=; 
 b=Z9Alf0Et54gofqOjv5b/ozPIUiS7kUSSQdB5x4qNSeZibcE/2AzHE1qShNEIGOxzLuNTwVyqE/D+n/Ja+DT6xS9br3cDUCyyATRG1lcHr9hgIUc3bdEQkGk8lpw/dKSqKkobiZNRep8qOolevy+wYst9xgzTeWG0kE9l+xftZ6diZCovoASqir4qcHvsESl/z+gmwxuYh95BK1oPIeFCUTaMTMIH4HyjjgW2v0a5HeHsGdkCxZ5R6Cp0MlMOZ3gftw6UFUhAgKLLRR52qLiDC/nrzB9ATC3obmvEcnCjCq6sqd+yhJsUf6pgUJYPuWZ2lQ0ZNTmIJNOwsx9Is+/DLw==;
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tPFE2-00006j-IN
 for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 01:14:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sun, 22 Dec 2024 06:14:02 +0000
Resent-Message-ID: <handler.75017.B75017.1734847982301@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 75017
X-GNU-PR-Package: emacs
Original-Received: via spool by 75017-submit@debbugs.gnu.org id=B75017.1734847982301
 (code B ref 75017); Sun, 22 Dec 2024 06:14:02 +0000
Original-Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 06:13:02 +0000
Original-Received: from localhost ([127.0.0.1]:48775 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tPFD3-0008WH-Gb
 for submit@debbugs.gnu.org; Sun, 22 Dec 2024 01:13:01 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:48760)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1tPFD1-0008Vv-AM
 for 75017@debbugs.gnu.org; Sun, 22 Dec 2024 01:13:00 -0500
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1tPFCu-0007ZL-SQ; Sun, 22 Dec 2024 01:12:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date:
 mime-version; bh=YLVOLab8pBDgZZB1sQkSe8wrVNn9e/edtk7OH5o/bE8=; b=kacD7gigKXaX
 /ShHMMzquCebo+k8F6HT0Nfox+1jN+KL+dHUbB1FaECPRf663SM6noh21h4eoODFuz1ai5p1Eho19
 zomVlY3u4DpuS2Fy57D2PQA/oMoGzTy/ydFymXNPzSBEtoHNZpaHRSB4LydXLSZrsG6Ii0+z7Y94v
 EDQ91xrDqxxVvH29OD97sfsCaxvMKZZkLg07/fo7VKOUqXG4T+TBeEP6TnoCc3XpZpt5ZHI+0MYTi
 hA1O+v8ApzOu1Cf9qzBJ6w5Q5xlQaN0INToW56FogtbO/KYKVUdF15LQsZvEFPKkwEGJP1vLcG2J+
 BAx7NNGzseRZkS6eUbHJgQ==;
In-Reply-To: <jwv4j2wcsvj.fsf-monnier+emacs@gnu.org> (message from Stefan
 Monnier on Sat, 21 Dec 2024 22:16:05 -0500)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:297572
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/297572>

> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Cc: john muhl <jm@pub.pink>,  75017@debbugs.gnu.org,  Eli Zaretskii
>  <eliz@gnu.org>,  Andrea Corallo <acorallo@gnu.org>
> Date: Sat, 21 Dec 2024 22:16:05 -0500
> 
> > Maybe we should install something like the below?
> 
> Fine by me, but I think this should be added via a new
> `trusted-content-function(s)` and added buffer-locally only in
> elisp-mode buffers.

Sorry, but this is slippery slope.  For starters, no one said that
site-run-file is installed by a sysadmin -- that is only so on certain
systems.  For example, MS-Windows is generally not in that category.

More generally, if we go this way, i.e. every complaint by some user
about a file that _could_ be trusted, or even is trusted on a group of
systems, causes us to add more and more files and directories to the
trusted list, there will be no end to this, and, significantly, Emacs
30 will never be released.

So from where I stand, what we have now on the latest emacs-30 branch
is as good and as far as it gets, at least for Emacs 30.  My
suggestion to anyone who wants additional files/directories to vet to
please use the existing facilities to add them to the trusted list.
This way, we collect experience and data points regarding which
files/directories and under what conditions should be trusted, and can
improve what we have now in the future.  At that future time we should
probably ask users to name the files and directories they needed to
add to the trusted list, and take it from there, making changes which
will take that into account.

If you still insist on installing such changes at this time, please do
that on master.  My preference is to wait with this until we have
enough experience with what we have, which means not before Emacs 30.1
is released and a couple of months go by.  But if people insist on
installing now on master, I won't object.

Thanks.