From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Mattias =?UTF-8?Q?Engdeg=C3=A5rd?= <mattiase@acm.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Fri, 18 Dec 2020 19:50:12 +0100
Message-ID: <D3A22728-8650-409B-9406-45A1C191C5F9@acm.org>
References: <0917E396-F78C-45BF-8A1F-5C23CA722D9A@acm.org>
 <CAArVCkT0bA+5tqgMZrf1-cuenZi0v2mwY=LLZDXPJbRjtKFCuw@mail.gmail.com>
 <F4789EA5-BCBC-4B10-BA52-3329DB9C9E42@acm.org>
 <CAArVCkTWdYNSe+=uvUMXMe0pcSL+gWsfQW=mVWn3aq5bGF5iTg@mail.gmail.com>
 <26556EDE-9133-450F-9181-2859E058677C@acm.org>
 <CAArVCkTifUSH4n0L4iNho+JdD40FkJ4udvU-jbxM4arTWQ8Vhw@mail.gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="33908"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: Bastien <bzg@gnu.org>, 45198@debbugs.gnu.org,
 Stefan Monnier <monnier@iro.umontreal.ca>,
 =?UTF-8?Q?Jo=C3=A3o_?= =?UTF-8?Q?T=C3=A1vora?= <joaotavora@gmail.com>
To: Philipp Stephani <p.stephani2@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Dec 18 19:51:31 2020
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1kqKqg-0008Rk-W5
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 18 Dec 2020 19:51:31 +0100
Original-Received: from localhost ([::1]:50940 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1kqKqf-0000Ru-1W
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 18 Dec 2020 13:51:29 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:56904)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kqKqF-0000MH-9E
 for bug-gnu-emacs@gnu.org; Fri, 18 Dec 2020 13:51:03 -0500
Original-Received: from debbugs.gnu.org ([209.51.188.43]:56592)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kqKqE-0002Hw-W9
 for bug-gnu-emacs@gnu.org; Fri, 18 Dec 2020 13:51:03 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1kqKqE-00016M-Rs
 for bug-gnu-emacs@gnu.org; Fri, 18 Dec 2020 13:51:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Mattias =?UTF-8?Q?Engdeg=C3=A5rd?= <mattiase@acm.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 18 Dec 2020 18:51:02 +0000
Resent-Message-ID: <handler.45198.B45198.16083174264182@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 45198
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
Original-Received: via spool by 45198-submit@debbugs.gnu.org id=B45198.16083174264182
 (code B ref 45198); Fri, 18 Dec 2020 18:51:02 +0000
Original-Received: (at 45198) by debbugs.gnu.org; 18 Dec 2020 18:50:26 +0000
Original-Received: from localhost ([127.0.0.1]:39904 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1kqKpe-00015N-9O
 for submit@debbugs.gnu.org; Fri, 18 Dec 2020 13:50:26 -0500
Original-Received: from mail1476c50.megamailservers.eu ([91.136.14.76]:41902
 helo=mail118c50.megamailservers.eu)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mattiase@acm.org>) id 1kqKpa-000157-Tc
 for 45198@debbugs.gnu.org; Fri, 18 Dec 2020 13:50:23 -0500
X-Authenticated-User: mattiase@bredband.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=megamailservers.eu;
 s=maildub; t=1608317416;
 bh=DRvhXphCF16NoIsHJ9im/Cx0Xy/ncRb+fP34cfM+lvo=;
 h=Subject:From:In-Reply-To:Date:Cc:References:To:From;
 b=ZtlG9ShXyvCG1sTUOFM/GELogQzmkJTOMLUTGEeG/BNMJK5GNJRZ6F5v3oOWp+orm
 abmkVD+gsWmyqGtHOKEErQSo4B56RVepZYT9AQTCy3x3Ytiqn6kzPN24fIhq53vl+H
 qUDV33fSRat+ftCIRk0r4wZSuV/inl7GlHh+b4hU=
Feedback-ID: mattiase@acm.or
Original-Received: from stanniol.lan (c-064ae655.032-75-73746f71.bbcust.telenor.se
 [85.230.74.6]) (authenticated bits=0)
 by mail118c50.megamailservers.eu (8.14.9/8.13.1) with ESMTP id 0BIIoD4O024315; 
 Fri, 18 Dec 2020 18:50:14 +0000
In-Reply-To: <CAArVCkTifUSH4n0L4iNho+JdD40FkJ4udvU-jbxM4arTWQ8Vhw@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.17)
X-CTCH-RefID: str=0001.0A782F17.5FDCF9E8.0068, ss=1, re=0.000, recu=0.000,
 reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CSC: 0
X-CHA: v=2.3 cv=HYRqsRM8 c=1 sm=1 tr=0 a=Ni+dBsiEfW2GqKMPYZim9A==:117
 a=Ni+dBsiEfW2GqKMPYZim9A==:17 a=kj9zAlcOel0A:10 a=M51BFTxLslgA:10
 a=pGLkceISAAAA:8 a=Nb5UD5TeAAAA:20 a=_W6XiWOAtFuLNlGfoowA:9
 a=CjuIK1q_8ugA:10
X-Origin-Country: SE
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:196344
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/196344>

18 dec. 2020 kl. 16.21 skrev Philipp Stephani <p.stephani2@gmail.com>:

> Ah, I was talking about the engineering/product management aspect, not
> about the technical one: If you start with an initially-open sandbox
> policy, locking it down in future releases is much harder than the
> other way round.

I assumed we were just building a mechanism for our own consumption at =
this stage, even if the eventual aim is something available for general =
use.

>  We
> should definitely run the subprocess with --quick --batch and an empty
> environment by default, not only for security and speed, but also for
> reproducibility. That's also what Flycheck does
> =
(https://github.com/flycheck/flycheck/blob/a11b789807d1d942d6fcfac17508d07=
2b9cf7ba8/flycheck.el#L8435)

Thanks for the reference, and you may very well be right. A counterpoint =
is that since the facility would be enabled by default, a user met with =
complaints about perfectly fine code will immediately disable the checks =
and thus foil our plan to nudge his coding habits in a desirable =
direction.

I take it that you don't suggest that we skip on loading autoloads =
(possibly in the shape of quickstart) though? A bit rough to =
byte-compile without those, unless we deprecate autoloads altogether.