From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: Emacs Lisp's future Date: Wed, 08 Oct 2014 21:19:40 -0400 Message-ID: References: <54193A70.9020901@member.fsf.org> <87lhp6h4zb.fsf@panthera.terpri.org> <87k34qo4c1.fsf@fencepost.gnu.org> <54257C22.2000806@yandex.ru> <83iokato6x.fsf@gnu.org> <87wq8pwjen.fsf@uwakimon.sk.tsukuba.ac.jp> <837g0ptnlj.fsf@gnu.org> <87r3yxwdr6.fsf@uwakimon.sk.tsukuba.ac.jp> <87tx3tmi3t.fsf@fencepost.gnu.org> <834mvttgsf.fsf@gnu.org> <87lhp5m99w.fsf@fencepost.gnu.org> <87h9ztm5oa.fsf@fencepost.gnu.org> <87d2ahm3nw.fsf@fencepost.gnu.org> <871tqneyvl.fsf@netris.org> <87zjd9swfj.fsf@uwakimon.sk.tsukuba.ac.jp> <87oatnqpml.fsf@uwakimon.sk.tsukuba.ac.jp> Reply-To: rms@gnu.org NNTP-Posting-Host: plane.gmane.org Content-Type: text/plain; charset=ISO-8859-15 X-Trace: ger.gmane.org 1412817605 28061 80.91.229.3 (9 Oct 2014 01:20:05 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 9 Oct 2014 01:20:05 +0000 (UTC) Cc: dak@gnu.org, mhw@netris.org, dmantipov@yandex.ru, emacs-devel@gnu.org, handa@gnu.org, monnier@iro.umontreal.ca, eliz@gnu.org To: "Stephen J. Turnbull" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Oct 09 03:20:00 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xc2Od-0004F6-M4 for ged-emacs-devel@m.gmane.org; Thu, 09 Oct 2014 03:19:59 +0200 Original-Received: from localhost ([::1]:39346 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc2Ob-0003kg-74 for ged-emacs-devel@m.gmane.org; Wed, 08 Oct 2014 21:19:57 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:54248) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc2OP-0003kO-0m for emacs-devel@gnu.org; Wed, 08 Oct 2014 21:19:45 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xc2OM-0006V8-1q for emacs-devel@gnu.org; Wed, 08 Oct 2014 21:19:44 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:55522) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc2OL-0006V2-VB for emacs-devel@gnu.org; Wed, 08 Oct 2014 21:19:41 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1Xc2OK-0001mE-Ct; Wed, 08 Oct 2014 21:19:40 -0400 In-reply-to: <87oatnqpml.fsf@uwakimon.sk.tsukuba.ac.jp> (stephen@xemacs.org) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:175154 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] I just want to make sure that Emacs developers in general are aware that if string properties are added to Guile itself, Emacs will be a potential vector for attacks. If you demonstrate that this claim is valid, I will be concerned. For example, by providing a "back channel" for malicious information So what? How would this affect what anyone can do? There are many other channels to communicate data from one part of a Scheme program to another, so how would this additional channel make a practical difference? Why object to adding a window in a wall that has so many doorways already? If you show me that there is some real and useful form of security, which adding string property lists would break, you could convince me that there is a real issue of security here. What I advocate is that string properties should be implemented by using Guile facilities for defining types, not by changing Guile. It would be a pain in the neck if Emacs strings were something different from Guile strings. If you want to argue that security justifies this pain, you need to show it is real security and really does a useful job. -- Dr Richard Stallman President, Free Software Foundation 51 Franklin St Boston MA 02110 USA www.fsf.org www.gnu.org Skype: No way! That's nonfree (freedom-denying) software. Use Ekiga or an ordinary phone call.