From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Slawomir Nowaczyk Newsgroups: gmane.emacs.devel Subject: Re: Image mode Date: Tue, 06 Feb 2007 12:09:07 +0100 Message-ID: <20070206114649.1B8A.SLAWOMIR.NOWACZYK.847@student.lu.se> References: <87k5yxeg19.fsf@jurta.org> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Trace: sea.gmane.org 1170760185 13530 80.91.229.12 (6 Feb 2007 11:09:45 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 6 Feb 2007 11:09:45 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Feb 06 12:09:41 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1HEOCi-0001c4-Cq for ged-emacs-devel@m.gmane.org; Tue, 06 Feb 2007 12:09:40 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HEOCe-0001fZ-UY for ged-emacs-devel@m.gmane.org; Tue, 06 Feb 2007 06:09:36 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HEOCT-0001cc-RE for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:09:25 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HEOCT-0001cE-27 for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:09:25 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HEOCS-0001c4-RS for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:09:24 -0500 Original-Received: from himmelsborg.cs.lth.se ([130.235.16.11]) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HEOCS-0002I2-7a for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:09:24 -0500 Original-Received: from [127.0.0.1] (slawek@dain [130.235.16.76]) by himmelsborg.cs.lth.se (8.13.6/8.13.6/perf-jw-tr) with ESMTP id l16B989I021965 for ; Tue, 6 Feb 2007 12:09:09 +0100 (CET) In-Reply-To: X-Esmandil_Citation: done X-Mailer-Plugin: Popup Memopad for Becky!2 Ver.0.02 Rev.2 X-Mailer: Becky! ver. 2.25.02 [en] X-detected-kernel: Solaris 8 (1) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:66006 Archived-At: On Sun, 04 Feb 2007 20:40:39 -0500 Chong Yidong wrote: #> Juri Linkov writes: #> #> > A different case is image autodetection. When the image file has an #> > extension unusual for image files or has no extension at all, then it #> > would be a (possibly bad) surprise for the user to see it displayed as #> > an image. I agree that there should be an option that by default before #> > displaying the image from files with non-image extensions should either #> > ask for confirmation before visiting such file in image-mode, or (better) #> > visit the file just in image-minor-mode with more explanations shown #> > in the echo area. #> #> As Richard has argued, IF displaying an image can cause a security #> risk, it doesn't matter whether or not that image was autodetected or #> had the relevant file name. So let's please not worry about this. I disagree. For me, at least, *all* that matters is if the filename matches the image contents. About the only case when I care about security when opening images are things which I receive in emails (sure, there is a chance a virus image sits somewhere on my disk or on one of the web pages I view, but if that is the case, then I am likely to fall victim to it anyway, because I will likely open it in something else than Emacs). What I am interested in is making sure that I am safe when I receive an email containing attachment with .txt or .c extension and I decide to view it in Emacs. I do *not* want it to display it as an image *without* asking for confirmation (one way or another). OTOH, if I decide to open an attachment with .jpeg extension, then I am apparently willing to trust the source and I am perfectly OK with Emacs displaying it as an image (if Emacs refuses to display such images, I will just use Firefox or IrfanView, which are more or less equally susceptible to attacks)... Please, trust the user! If I say I want Emacs to open a.jpeg, that means I want to open an image. If I say I want Emacs to open a.txt, then I expect this action to be safe. YMMV, of course, and I do not require the above to the *default* configuration, but _please_ make this behaviour possible -- and, preferably, easy to achieve because I really believe that is the only sane configuration for security-aware users. -- Best wishes, Slawomir Nowaczyk ( slawomir.nowaczyk.847@student.lu.se ) The glass is not half full, nor half empty. The glass is just too big.