From: Richard Stallman <rms@gnu.org>
Cc: emacs-devel@gnu.org
Subject: Re: The `risky-local-variable' blacklist
Date: Tue, 31 Aug 2004 18:07:03 -0400 [thread overview]
Message-ID: <E1C2GmN-0007im-Ek@fencepost.gnu.org> (raw)
In-Reply-To: <Pine.LNX.4.44.0408301850400.31548-100000@x-mail.lanl.gov> (message from Davis Herring on Mon, 30 Aug 2004 20:13:16 -0600 (MDT))
The problem with the change you've proposed is that we'd have to go
through and find check nearly all the variables in Emacs, and mark
most of them as ok to change. That is a lot of work.
The default is already no for the kinds of variable names
that are typically used for dangerous variables, those that
hold commands, function names, expressions, etc. Given that
Emacs users don't regularly get files in the mail and give
their local variables a chance to run, I don't think we have
enough of a danger to justify all that work.
* Do not make `compile-command' safe;
This is a commonly used feature. Simply eliminating it would make
users quite unhappy.
Here's an idea that might do the job and be acceptable. Each time
Emacs sees a variable/value combination that is new for the current
user, it asks the user to confirm that combination. Any given
combination only needs to be confirmed once by any given user. This
could reduce the repetitive nuisance down to the point where people
will (1) accept the burden and (2) not zone out when they see the
questions.
What do you think?
Also, the protection versus honoring `eval' settings when root does little
good since it does not apply in other cases; anyone interested in rooting
via Emacs surely knows this.
Sorry, I do not follow you here.
* Do not use `enable-local-eval' as a local flag to prevent dangerous bugs
in its handling;
Why not?
next prev parent reply other threads:[~2004-08-31 22:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-31 2:13 The `risky-local-variable' blacklist Davis Herring
2004-08-31 14:01 ` Stefan
2004-08-31 21:42 ` Davis Herring
2004-08-31 22:43 ` Stefan
2004-08-31 23:18 ` Davis Herring
2004-08-31 22:07 ` Richard Stallman [this message]
2004-08-31 23:07 ` Davis Herring
2004-09-01 19:24 ` Richard Stallman
2004-09-01 7:11 ` Kim F. Storm
2004-09-01 14:36 ` Stefan Monnier
2004-09-02 4:53 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1C2GmN-0007im-Ek@fencepost.gnu.org \
--to=rms@gnu.org \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).