From: "Stuart D. Herring" <herring@lanl.gov>
To: "Richard Stallman" <rms@gnu.org>
Cc: lekktu@gmail.com, cyd@stupidchicken.com, emacs-devel@gnu.org
Subject: Re: Image mode
Date: Wed, 7 Feb 2007 08:10:22 -0800 (PST) [thread overview]
Message-ID: <39229.128.165.123.18.1170864622.squirrel@webmail.lanl.gov> (raw)
In-Reply-To: <E1HEZXv-0005ol-Rt@fencepost.gnu.org>
> What good does it do me to avoid displaying a image named foo.txt
> if I don't avoid displaying an image named foo.jpg?
Displaying an image carries some risk, while (to the best of everyone's
knowledge) displaying any data whatever in an Emacs buffer as text
(possibly with control characters, or with hexl-mode) is safe. So a user
presented with two plausible files from an untrusted source, foo.txt and
foo.jpg, might sensibly examine the text file first to see if it is
legitimate. If, however, the files have the same malicious contents, and
Emacs helpfully renders the .txt file as an image, the user's caution is
vain. Yes, not all users have such caution, but they are not harmed by a
policy which treats misnamed files as suspect.
The point is that all users, whether they know about the risks or not,
mean for Emacs to render a JPEG if they M-x find-file foo.jpg, because
that is really the only useful thing Emacs could do there. When -some-
users M-x find-file foo.txt, they are specifically wanting Emacs -not- to
render the file as an image, because they are being careful and dealing
only in text. Other users who would see the JPEG data and think only
"huh, this is garbage" rather than "wow, it really was an image posing as
text" would benefit from image-minor-mode and its helpful minibuffer
message about C-c C-c. In either case, starting the major mode associated
with the file's extension is probably appropriate.
So for some users, recognizing but failing to render an image.txt is
helpful, and for others it does no real harm. And for all users,
recognizing and rendering an image.jpg is sensible. All of this should of
course be customizable: `image-render-immediately', defaulting to t
because permanent paranoia should be opt-in, and
`image-render-nonimage-immediately', defaulting to nil because users
should not have to be paranoid about text files.
Finally, the ".txt" extension here could just as easily be ".png"; if the
image is in fact a JPEG, we have the case where a user has just patched
their PNG library but not their JPEG library. I suppose that it is more
common to merely distinguish images from not, so perhaps a third option
`image-render-misnamed-immediately' defaulting to t would be appropriate.
Davis
PS The default values I offer here end up being a selection from the list
of options that has been going around, but they are not the point! The
point is to illustrate why the behavior could be usefully different for
different extensions.
--
This product is sold by volume, not by mass. If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.
next prev parent reply other threads:[~2007-02-07 16:10 UTC|newest]
Thread overview: 164+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-04 22:52 Image mode Juri Linkov
2007-02-04 23:40 ` Juanma Barranquero
2007-02-05 1:25 ` Chong Yidong
2007-02-05 9:03 ` Juanma Barranquero
2007-02-05 9:16 ` Juanma Barranquero
2007-02-05 9:28 ` David Kastrup
2007-02-05 9:37 ` David Kastrup
2007-02-05 11:12 ` Juanma Barranquero
2007-02-06 0:16 ` Richard Stallman
2007-02-06 0:25 ` Juanma Barranquero
2007-02-06 1:37 ` Drew Adams
2007-02-06 7:18 ` David Kastrup
2007-02-06 11:09 ` Slawomir Nowaczyk
2007-02-06 0:15 ` Richard Stallman
2007-02-06 0:29 ` Lennart Borgman (gmail)
2007-02-06 4:56 ` Chong Yidong
2007-02-06 23:15 ` Richard Stallman
2007-02-06 23:41 ` Chong Yidong
2007-02-06 23:55 ` Slawomir Nowaczyk
2007-02-05 7:13 ` David Kastrup
2007-02-05 9:06 ` Juanma Barranquero
2007-02-07 19:21 ` Chong Yidong
2007-02-07 19:43 ` Stuart D. Herring
2007-02-07 21:08 ` Chong Yidong
2007-02-07 21:21 ` Stefan Monnier
2007-02-07 21:35 ` Stuart D. Herring
2007-02-07 23:07 ` Stefan Monnier
2007-02-08 9:33 ` Jason Rumney
2007-02-08 16:38 ` Stefan Monnier
2007-02-08 16:55 ` Stuart D. Herring
2007-02-08 18:36 ` Chong Yidong
2007-02-07 22:55 ` Kim F. Storm
2007-02-07 23:27 ` Juri Linkov
2007-02-08 9:30 ` Jason Rumney
2007-02-08 15:23 ` Chong Yidong
2007-02-05 1:40 ` Chong Yidong
2007-02-05 4:21 ` Miles Bader
2007-02-05 10:58 ` Kim F. Storm
2007-02-05 11:02 ` Lennart Borgman (gmail)
2007-02-05 11:16 ` Juanma Barranquero
2007-02-05 11:26 ` David Kastrup
2007-02-05 11:39 ` Juanma Barranquero
2007-02-05 11:48 ` David Kastrup
2007-02-05 12:00 ` Juanma Barranquero
2007-02-05 12:08 ` David Kastrup
2007-02-05 12:16 ` Juanma Barranquero
2007-02-05 19:00 ` Stefan Monnier
2007-02-06 0:16 ` Richard Stallman
2007-02-06 0:32 ` Lennart Borgman (gmail)
2007-02-06 23:14 ` Richard Stallman
2007-02-06 7:16 ` David Kastrup
2007-02-05 12:46 ` Lennart Borgman (gmail)
2007-02-05 12:57 ` Juanma Barranquero
2007-02-05 12:58 ` David Kastrup
2007-02-05 14:47 ` Mathias Dahl
2007-02-05 14:54 ` Juanma Barranquero
2007-02-05 17:08 ` Chong Yidong
2007-02-05 18:35 ` Mathias Dahl
2007-02-05 18:35 ` Jason Rumney
2007-02-05 19:06 ` Chong Yidong
2007-02-05 19:14 ` Juanma Barranquero
2007-02-05 19:26 ` Juanma Barranquero
2007-02-05 19:28 ` Chong Yidong
2007-02-05 19:51 ` Juanma Barranquero
2007-02-05 20:12 ` Stefan Monnier
2007-02-05 20:14 ` Juanma Barranquero
2007-02-05 20:13 ` Chong Yidong
2007-02-05 20:21 ` Juanma Barranquero
2007-02-05 20:33 ` Chong Yidong
2007-02-05 21:25 ` Juanma Barranquero
2007-02-05 21:30 ` Chong Yidong
2007-02-05 22:25 ` Juanma Barranquero
2007-02-05 23:50 ` Chong Yidong
2007-02-06 0:17 ` Juanma Barranquero
2007-02-06 7:06 ` David Kastrup
2007-02-06 8:30 ` Juanma Barranquero
2007-02-06 8:42 ` David Kastrup
2007-02-06 9:06 ` Juanma Barranquero
2007-02-06 9:27 ` David Kastrup
2007-02-06 9:43 ` Juanma Barranquero
2007-02-06 10:29 ` David Kastrup
2007-02-06 10:57 ` Juanma Barranquero
2007-02-06 11:10 ` David Kastrup
2007-02-06 11:42 ` Juanma Barranquero
2007-02-06 11:48 ` David Kastrup
2007-02-06 12:02 ` Juanma Barranquero
2007-02-06 23:16 ` Richard Stallman
2007-02-07 0:06 ` David Kastrup
2007-02-07 19:41 ` Richard Stallman
2007-02-07 19:41 ` Richard Stallman
2007-02-07 16:10 ` Stuart D. Herring [this message]
2007-02-09 17:24 ` Chris Moore
2007-02-09 18:14 ` Stuart D. Herring
2007-02-09 18:22 ` Chong Yidong
2007-02-12 4:55 ` Richard Stallman
2007-02-13 6:01 ` Chris Moore
2007-02-13 23:36 ` Richard Stallman
2007-02-06 23:16 ` Richard Stallman
2007-02-06 23:47 ` David Kastrup
2007-02-07 19:41 ` Richard Stallman
2007-02-06 1:46 ` Miles Bader
2007-02-06 11:53 ` Slawomir Nowaczyk
2007-02-06 15:15 ` Stefan Monnier
2007-02-06 15:46 ` Jason Rumney
2007-02-06 16:08 ` Chong Yidong
2007-02-06 16:58 ` Jason Rumney
2007-02-06 17:10 ` Chong Yidong
2007-02-06 23:51 ` Kim F. Storm
2007-02-07 0:03 ` Chong Yidong
2007-02-07 0:41 ` Kim F. Storm
2007-02-05 20:24 ` Juanma Barranquero
2007-02-05 20:36 ` Chong Yidong
2007-02-05 20:20 ` Chong Yidong
2007-02-05 20:33 ` Juanma Barranquero
2007-02-06 17:08 ` Richard Stallman
2007-02-06 17:56 ` Juanma Barranquero
2007-02-07 1:37 ` Richard Stallman
2007-02-07 1:42 ` Juanma Barranquero
2007-02-07 7:15 ` David Kastrup
2007-02-07 8:09 ` Juanma Barranquero
2007-02-07 19:41 ` Richard Stallman
2007-02-06 17:08 ` Richard Stallman
2007-02-06 23:46 ` Chris Moore
2007-02-06 23:58 ` Chong Yidong
2007-02-07 16:59 ` Chris Moore
2007-02-08 0:52 ` Richard Stallman
2007-02-09 17:17 ` Chris Moore
2007-02-10 9:51 ` Eli Zaretskii
2007-02-05 19:06 ` Juanma Barranquero
2007-02-05 21:27 ` Juri Linkov
2007-02-06 11:42 ` Slawomir Nowaczyk
2007-02-05 19:07 ` Lennart Borgman (gmail)
2007-02-06 9:19 ` Jason Rumney
2007-02-06 9:35 ` David Kastrup
2007-02-06 9:46 ` Lennart Borgman (gmail)
2007-02-06 10:21 ` Mathias Dahl
2007-02-06 16:50 ` Stefan Monnier
2007-02-05 21:28 ` Juri Linkov
2007-02-05 21:35 ` Lennart Borgman (gmail)
2007-02-05 21:38 ` Chong Yidong
2007-02-05 22:02 ` Stefan Monnier
2007-02-06 17:09 ` Richard Stallman
2007-02-05 11:15 ` Juanma Barranquero
2007-02-05 21:45 ` Kim F. Storm
2007-02-05 21:53 ` Chris Moore
2007-02-05 12:22 ` Miles Bader
[not found] ` <E1HEE0j-0004T3-Rc@fencepost.gnu.org>
2007-02-06 7:20 ` David Kastrup
2007-02-06 23:15 ` Richard Stallman
2007-02-06 10:53 ` Lars Magne Ingebrigtsen
2007-02-06 23:16 ` Richard Stallman
2007-02-06 12:26 ` Kim F. Storm
2007-02-06 12:46 ` David Kastrup
2007-02-06 16:48 ` Stefan Monnier
2007-02-05 18:56 ` Stefan Monnier
2007-02-05 19:08 ` Chong Yidong
2007-02-05 19:28 ` Stefan Monnier
2007-02-05 21:12 ` Chris Moore
2007-02-05 21:28 ` Juri Linkov
2007-02-06 11:09 ` Slawomir Nowaczyk
2007-02-05 19:10 ` Richard Stallman
2007-02-05 21:25 ` Chris Moore
2007-02-06 17:09 ` Richard Stallman
2007-02-06 22:54 ` David Kastrup
2007-02-07 1:37 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39229.128.165.123.18.1170864622.squirrel@webmail.lanl.gov \
--to=herring@lanl.gov \
--cc=cyd@stupidchicken.com \
--cc=emacs-devel@gnu.org \
--cc=lekktu@gmail.com \
--cc=rms@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).