From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philipp Stephani Newsgroups: gmane.emacs.bugs Subject: bug#45198: 28.0.50; Sandbox mode Date: Sat, 19 Dec 2020 16:08:52 +0100 Message-ID: References: <0917E396-F78C-45BF-8A1F-5C23CA722D9A@acm.org> <26556EDE-9133-450F-9181-2859E058677C@acm.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="1031"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Bastien , 45198@debbugs.gnu.org, Stefan Monnier , =?UTF-8?Q?Jo=C3=A3o_?= =?UTF-8?Q?T=C3=A1vora?= To: Mattias =?UTF-8?Q?Engdeg=C3=A5rd?= Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Dec 19 16:10:10 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kqds1-00008p-E8 for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 19 Dec 2020 16:10:09 +0100 Original-Received: from localhost ([::1]:59510 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kqds0-0001bN-GE for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 19 Dec 2020 10:10:08 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:58544) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kqdru-0001bH-Ky for bug-gnu-emacs@gnu.org; Sat, 19 Dec 2020 10:10:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:59680) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kqdru-0006s7-BZ for bug-gnu-emacs@gnu.org; Sat, 19 Dec 2020 10:10:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kqdru-0002ls-6D for bug-gnu-emacs@gnu.org; Sat, 19 Dec 2020 10:10:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Philipp Stephani Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 19 Dec 2020 15:10:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45198 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 45198-submit@debbugs.gnu.org id=B45198.160839055310591 (code B ref 45198); Sat, 19 Dec 2020 15:10:02 +0000 Original-Received: (at 45198) by debbugs.gnu.org; 19 Dec 2020 15:09:13 +0000 Original-Received: from localhost ([127.0.0.1]:42993 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kqdr7-0002kk-0H for submit@debbugs.gnu.org; Sat, 19 Dec 2020 10:09:13 -0500 Original-Received: from mail-oi1-f181.google.com ([209.85.167.181]:36484) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kqdr4-0002kW-EK for 45198@debbugs.gnu.org; Sat, 19 Dec 2020 10:09:11 -0500 Original-Received: by mail-oi1-f181.google.com with SMTP id 9so6378066oiq.3 for <45198@debbugs.gnu.org>; Sat, 19 Dec 2020 07:09:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=5vJSOwWmpjKDCJpvhk4WPwuXNwjp3xf5k/8yPY+wXrQ=; b=BWdHd7fel10AgeS5FAwDR9yWuMGPlZp8X4pWSVi1A9CrKu3kFakWD6BXivfwn7e3Xv ViCl0wXocDaQ7nY1JxqR6LH0WG1q49ATJG50+Q5AohKEq9/dnYu9P8Bl5s4ytHs055tb rx/d9nvz80+weVHLIQI0fsGI1B3Yt1w2/aKB/Y/QXAnJ+atf+6S9kzZ2ahnOrpzGt7WG /yarTH0x+UiET2ic6bNFSxQzsgDa8vfbp+te4iVopYoCBAURVZ+XGuh/WEKXK1+nmL3g or/44yLj1DzlUdV3MBiCtvXhIFhfUDvDV9B/OJZHJ8sff9cHpk/YfYkgeSVIDGTY2ZeK 7cBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=5vJSOwWmpjKDCJpvhk4WPwuXNwjp3xf5k/8yPY+wXrQ=; b=ekSrHmejI4dVfhdmOvJtoXByVOzQbIkXXB/DQ1jEUg9mxkupMIW0hSgPLBCitvdCDp Jc/s9tTDR/Ig4HV1ZWhlSYfdlKax/WI6NYAA2r+gCflzcV8vLDsx0S88133O974LOcmL w/qv3azovzFR3k8SOQG20M0d63Dbql3IeeR5oVxHYUJrRN8uqWDSY9z7hzZUfDnZu6JD xxkQVkqGSM7bd01lNH23ysFND2CNdiZ2fuHUrfS7/HRb8EGW1SVxHGZau6LHWICD7UqT e0YbgPKF0fmCcq3/UYwhQ5n5Tp/r2jpWN1WQxbDa+HFW0uZm2MUOxkjj6ouLe99TWkKS MMrA== X-Gm-Message-State: AOAM532nV/hdLtkfqQXeUs/xN8DjoOuF6ZvY8Je06LN/iiRFqO/8XCv5 8nIARDjNMXKB6UiofIoZ95IOqWYLRU+nSpKrPus= X-Google-Smtp-Source: ABdhPJwfv5FgOSKyQ9EqI8UN6xeXs8T/yURRr9BsZ0opR5oUI6dNH7JmYmcBIe/Yz/qCq5zHtxm9CeMPI9UdUF1Q8a4= X-Received: by 2002:aca:3b03:: with SMTP id i3mr5965444oia.170.1608390544553; Sat, 19 Dec 2020 07:09:04 -0800 (PST) In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:196389 Archived-At: Am Fr., 18. Dez. 2020 um 19:50 Uhr schrieb Mattias Engdeg=C3=A5rd : > > 18 dec. 2020 kl. 16.21 skrev Philipp Stephani : > > > Ah, I was talking about the engineering/product management aspect, not > > about the technical one: If you start with an initially-open sandbox > > policy, locking it down in future releases is much harder than the > > other way round. > > I assumed we were just building a mechanism for our own consumption at th= is stage, even if the eventual aim is something available for general use. I'd say these two questions are somewhat independent of each other. Even with an internal-only interface, people will start to assume that reading arbitrary files works. I'm personally not a huge fan of such internal interfaces though. They are necessary in some cases, but a high-level UI framework like Flymake shouldn't need to use them. Besides, since Flymake is released as an external package, it should rather not use internal interfaces in the first place. > > > We > > should definitely run the subprocess with --quick --batch and an empty > > environment by default, not only for security and speed, but also for > > reproducibility. That's also what Flycheck does > > (https://github.com/flycheck/flycheck/blob/a11b789807d1d942d6fcfac17508= d072b9cf7ba8/flycheck.el#L8435) > > Thanks for the reference, and you may very well be right. A counterpoint = is that since the facility would be enabled by default, a user met with com= plaints about perfectly fine code will immediately disable the checks and t= hus foil our plan to nudge his coding habits in a desirable direction. Maybe, though I wouldn't be so sure. Elisp compilation in Flycheck is enabled by default and presumably suffers from the same problems. There are also similar problems with other languages: for example, when I visit src/lisp.h and enable Flymake, I get 2287 errors, 154 warnings, and 4002 notices (which is an actual problem since the huge number of overlays makes Emacs sluggish - probably Flymake should just stop after 20 diagnostics or so...). I totally agree that we need to keep the false positive rate low, but I wouldn't say that any nonzero rate would make Flymake useless. > > I take it that you don't suggest that we skip on loading autoloads (possi= bly in the shape of quickstart) though? A bit rough to byte-compile without= those, unless we deprecate autoloads altogether. > Good question. I'd say we disable them initially and see what happens. It'll be a while until Emacs 28 gets released, so we have enough time to gather feedback and make adjustments. I also think that packages shouldn't rely on autoloads from other packages. I generally dislike autoloads and think they are overused. They make programming unnecessarily brittle because they assume not only that the load path is set up correctly, but also that the correct loaddefs files are already loaded. Autoloads are probably fine for interactive commands to avoid unnecessarily loading rarely-used packages, but inter-package dependencies should just use 'require'.