From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: The `risky-local-variable' blacklist Date: Tue, 31 Aug 2004 18:07:03 -0400 Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Message-ID: References: Reply-To: rms@gnu.org NNTP-Posting-Host: deer.gmane.org X-Trace: sea.gmane.org 1093990150 15131 80.91.224.253 (31 Aug 2004 22:09:10 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 31 Aug 2004 22:09:10 +0000 (UTC) Cc: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Sep 01 00:09:05 2004 Return-path: Original-Received: from lists.gnu.org ([199.232.76.165]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1C2GoL-0002pK-00 for ; Wed, 01 Sep 2004 00:09:05 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1C2GtE-00023H-W1 for ged-emacs-devel@m.gmane.org; Tue, 31 Aug 2004 18:14:09 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33) id 1C2Grt-0001LV-1g for emacs-devel@gnu.org; Tue, 31 Aug 2004 18:12:45 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33) id 1C2Grr-0001KY-3S for emacs-devel@gnu.org; Tue, 31 Aug 2004 18:12:43 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.33) id 1C2Grq-0001JQ-Ry for emacs-devel@gnu.org; Tue, 31 Aug 2004 18:12:42 -0400 Original-Received: from [199.232.76.164] (helo=fencepost.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.34) id 1C2Gmp-0007X1-4y for emacs-devel@gnu.org; Tue, 31 Aug 2004 18:07:31 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.34) id 1C2GmN-0007im-Ek; Tue, 31 Aug 2004 18:07:06 -0400 Original-To: Davis Herring In-reply-to: (message from Davis Herring on Mon, 30 Aug 2004 20:13:16 -0600 (MDT)) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:26661 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:26661 The problem with the change you've proposed is that we'd have to go through and find check nearly all the variables in Emacs, and mark most of them as ok to change. That is a lot of work. The default is already no for the kinds of variable names that are typically used for dangerous variables, those that hold commands, function names, expressions, etc. Given that Emacs users don't regularly get files in the mail and give their local variables a chance to run, I don't think we have enough of a danger to justify all that work. * Do not make `compile-command' safe; This is a commonly used feature. Simply eliminating it would make users quite unhappy. Here's an idea that might do the job and be acceptable. Each time Emacs sees a variable/value combination that is new for the current user, it asks the user to confirm that combination. Any given combination only needs to be confirmed once by any given user. This could reduce the repetitive nuisance down to the point where people will (1) accept the burden and (2) not zone out when they see the questions. What do you think? Also, the protection versus honoring `eval' settings when root does little good since it does not apply in other cases; anyone interested in rooting via Emacs surely knows this. Sorry, I do not follow you here. * Do not use `enable-local-eval' as a local flag to prevent dangerous bugs in its handling; Why not?