From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: David Kastrup Newsgroups: gmane.emacs.devel Subject: Re: Emacs Lisp's future Date: Mon, 06 Oct 2014 19:53:46 +0200 Message-ID: <87tx3hccet.fsf@fencepost.gnu.org> References: <54193A70.9020901@member.fsf.org> <87wq8pwjen.fsf@uwakimon.sk.tsukuba.ac.jp> <837g0ptnlj.fsf@gnu.org> <87r3yxwdr6.fsf@uwakimon.sk.tsukuba.ac.jp> <87tx3tmi3t.fsf@fencepost.gnu.org> <834mvttgsf.fsf@gnu.org> <87lhp5m99w.fsf@fencepost.gnu.org> <87h9ztm5oa.fsf@fencepost.gnu.org> <87d2ahm3nw.fsf@fencepost.gnu.org> <871tqneyvl.fsf@netris.org> <87d2a54t1m.fsf@yeeloong.lan> <83lhotme1e.fsf@gnu.org> <871tql17uw.fsf@yeeloong.lan> <838uktm9gw.fsf@gnu.org> <87ppe5rt5l.fsf@uwakimon.sk.tsukuba.ac.jp> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1412629491 29893 80.91.229.3 (6 Oct 2014 21:04:51 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 6 Oct 2014 21:04:51 +0000 (UTC) Cc: rms@gnu.org, Mark H Weaver , dmantipov@yandex.ru, emacs-devel@gnu.org, handa@gnu.org, monnier@iro.umontreal.ca, Eli Zaretskii To: "Stephen J. Turnbull" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Oct 06 23:04:42 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XbFSS-00047C-1k for ged-emacs-devel@m.gmane.org; Mon, 06 Oct 2014 23:04:40 +0200 Original-Received: from localhost ([::1]:54397 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XbFSR-0000yb-Lm for ged-emacs-devel@m.gmane.org; Mon, 06 Oct 2014 17:04:39 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56487) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XbFSM-0000vb-M6 for emacs-devel@gnu.org; Mon, 06 Oct 2014 17:04:35 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XbFSK-0007Uj-Cw for emacs-devel@gnu.org; Mon, 06 Oct 2014 17:04:34 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:52046) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XbFSK-0007Uf-9u for emacs-devel@gnu.org; Mon, 06 Oct 2014 17:04:32 -0400 Original-Received: from localhost ([127.0.0.1]:59216 helo=lola) by fencepost.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XbFS6-0004ea-CL; Mon, 06 Oct 2014 17:04:18 -0400 Original-Received: by lola (Postfix, from userid 1000) id 3F771E05D9; Mon, 6 Oct 2014 19:53:46 +0200 (CEST) In-Reply-To: <87ppe5rt5l.fsf@uwakimon.sk.tsukuba.ac.jp> (Stephen J. Turnbull's message of "Tue, 07 Oct 2014 02:43:02 +0900") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:175051 Archived-At: "Stephen J. Turnbull" writes: > Eli Zaretskii writes: > > > From: Mark H Weaver > > > > It doesn't matter how these raw bytes are encoded internally. No > > > matter what mechanism we use to accomplish it, propagating > > > invalid byte sequences by default is bad security policy. > > > > How can we be responsible for byte streams that originated outside? > > By taking responsibility for them. ;-) > > > That's the responsibility of the source. And if there is a consumer, > > then it is their responsibility not to trip upon such bytes. > > Not in a security context. In a security context, you want defense in > depth: all separately developed components cooperate in covering up > each others' bugs by handling input carefully and refusing to transmit > broken output unless that is explicitly requested by the consumer (and > you trust it to know what it's doing when it says, "don't worry, I can > handle anything"!) In a security relevant context, you would just not reencode before passing the information back to the outside. -- David Kastrup