From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: David Kastrup <dak@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs Lisp's future
Date: Thu, 09 Oct 2014 10:05:55 +0200
Message-ID: <87y4sp6524.fsf@fencepost.gnu.org>
References: <54193A70.9020901@member.fsf.org>
	<E1XatgY-00062K-7y@fencepost.gnu.org> <87d2a54t1m.fsf@yeeloong.lan>
	<83lhotme1e.fsf@gnu.org> <871tql17uw.fsf@yeeloong.lan>
	<838uktm9gw.fsf@gnu.org> <E1XbVNk-0005OC-84@fencepost.gnu.org>
	<87h9zgarvp.fsf@fencepost.gnu.org> <87mw97rjwm.fsf@yeeloong.lan>
	<mvmppe3ew0h.fsf@hawking.suse.de> <8761fvn8io.fsf@yeeloong.lan>
	<87egujahw6.fsf@fencepost.gnu.org> <87wq8bd8w2.fsf@netris.org>
	<87y4sr909s.fsf@fencepost.gnu.org> <87ppe3lbkr.fsf@yeeloong.lan>
	<87oatn8dqz.fsf@fencepost.gnu.org> <87eguili20.fsf@yeeloong.lan>
	<87siiy7e0p.fsf@fencepost.gnu.org>
	<8761ftrki2.fsf@uwakimon.sk.tsukuba.ac.jp>
	<87bnpl7ubo.fsf@fencepost.gnu.org>
	<87tx3dpul5.fsf@uwakimon.sk.tsukuba.ac.jp>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1412841976 5549 80.91.229.3 (9 Oct 2014 08:06:16 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 9 Oct 2014 08:06:16 +0000 (UTC)
Cc: Richard Stallman <rms@gnu.org>, Mark H Weaver <mhw@netris.org>,
	dmantipov@yandex.ru, emacs-devel@gnu.org, handa@gnu.org,
	monnier@iro.umontreal.ca, Andreas Schwab <schwab@suse.de>,
	Eli Zaretskii <eliz@gnu.org>
To: "Stephen J. Turnbull" <stephen@xemacs.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Oct 09 10:06:08 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xc8jg-0007Tt-AE
	for ged-emacs-devel@m.gmane.org; Thu, 09 Oct 2014 10:06:08 +0200
Original-Received: from localhost ([::1]:40944 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xc8jf-0007yC-R9
	for ged-emacs-devel@m.gmane.org; Thu, 09 Oct 2014 04:06:07 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33367)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <dak@gnu.org>)
	id 1Xc8jc-0007w8-95
	for emacs-devel@gnu.org; Thu, 09 Oct 2014 04:06:05 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dak@gnu.org>) id 1Xc8jb-0004M0-BT
	for emacs-devel@gnu.org; Thu, 09 Oct 2014 04:06:04 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:33610)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <dak@gnu.org>)
	id 1Xc8jb-0004Lu-96
	for emacs-devel@gnu.org; Thu, 09 Oct 2014 04:06:03 -0400
Original-Received: from localhost ([127.0.0.1]:40784 helo=lola)
	by fencepost.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dak@gnu.org>)
	id 1Xc8jU-0004JZ-3q; Thu, 09 Oct 2014 04:05:56 -0400
Original-Received: by lola (Postfix, from userid 1000)
	id AF804E0500; Thu,  9 Oct 2014 10:05:55 +0200 (CEST)
In-Reply-To: <87tx3dpul5.fsf@uwakimon.sk.tsukuba.ac.jp> (Stephen J. Turnbull's
	message of "Thu, 09 Oct 2014 16:31:50 +0900")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175175
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175175>

"Stephen J. Turnbull" <stephen@xemacs.org> writes:

> David Kastrup writes:
>
>  > > who may lose their life savings if a filter for 419 phish fails
>  > 
>  > Can we have terrorism with that scaremongering?
>
> Are you really unaware that such exploits happen every day?

So does terrorism.  But the existence of threats is no excuse for
handwaving justifications of measures that do nothing to address the
threats.

> You're not the only programmer who deprecates security because *your*
> applications are "secure enough" and it "can't" happen to you, you
> know.

At the current point of time, we are more talking about deprecating
security theatre rather than security.  Primitive operations that fail
rather than process and pass on information are attack vectors for
denial-of-service attacks.

> Unfortunately, I'm not the one who lacks understanding.  I'm well
> aware that security is costly in convenience and functionality.

How about you explain in what respect XEmacs' non-round-trippability of
utf-8 encoding helps with the security of running AUCTeX?

How about explaining in what respect it helps with security in _any_
regard that XEmacs is not able to faithfully reproduce its input?  How
are you even supposed to _scan_ for malicious input if you refuse to
decode it in recognizable manner?

Again: the responsibilities of an engine and of an application are
different.  And not understanding that and thinking that the former can
somehow absolve the latter from doing its job if it is annoying
enough...  Security theatre.

-- 
David Kastrup