From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carsten Dominik Subject: Re: Re: [ANN] Org-babel integrated into Org-mode Date: Wed, 30 Jun 2010 15:24:45 +0200 Message-ID: <3BC0A94F-7F20-48C5-886F-65497EE1B3ED@gmail.com> References: <87wrtp78rg.fsf@gmail.com> <874oglofzs.fsf@fastmail.fm> <87ocesn0li.fsf@fastmail.fm> Mime-Version: 1.0 (Apple Message framework v936) Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Return-path: Received: from [140.186.70.92] (port=50099 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OTxHd-0008MZ-G0 for emacs-orgmode@gnu.org; Wed, 30 Jun 2010 09:24:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OTxHc-0003gV-5P for emacs-orgmode@gnu.org; Wed, 30 Jun 2010 09:24:57 -0400 Received: from mail-wy0-f169.google.com ([74.125.82.169]:61647) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OTxHc-0003gM-1H for emacs-orgmode@gnu.org; Wed, 30 Jun 2010 09:24:56 -0400 Received: by wyb39 with SMTP id 39so951069wyb.0 for ; Wed, 30 Jun 2010 06:24:54 -0700 (PDT) In-Reply-To: <87ocesn0li.fsf@fastmail.fm> List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org To: Matthew Lundin Cc: Org Mode On Jun 30, 2010, at 2:53 PM, Matthew Lundin wrote: > Hi Carsten, > > Thanks so much both for thinking this through. And thanks again, Eric, > for your work in integrating org-babel into org-mode---including > taking > into account a humble user's concerns! :) > > Carsten Dominik writes: > >> Here is what I propose (several items are similar to what Eric >> proposes) >> >> 1. A new variable org-turn-on-babel. We can discuss the default. >> If it is nil, org-babel should not be loaded. >> A default of t would be fine with me if we implement other >> measures listed below. > > I think the default should be t, but I also like giving users the > option > of not loading org-babel. > >> 2. As Eric proposes, a variable similar to org-confirm-shell-link- >> function >> This should by default query for confirmation on any org-babel >> code execution, and can be configured to shut up by people who know >> what they are doing. >> >> 3. Not loading emacs lisp evaluation by default. >> >> 4. A new key in the babel keymap for org-babel-execute-code-block, >> for example `C-c C-v e'. This should be documented as the default >> key for this operation. >> >> 5. Removing org-babel-execute-code-block from `C-c C-c'. Inclusion >> should be optional. >> >> 6. A section in the manual on code execution and associated security >> risks in Org mode. This is not only about babel, but also about >> org-eval, org-eval-light, shell links and elisp links. I have >> meant >> to write this section for a long time and would be willing to >> draft it. We could then refer to this section from a couple of >> places in the docs, without cluttering the docs with disclaimers. > > With safeguards with 2, 4, 5, and 6, would it be safe to skip #3 and > load emacs-lisp evaluation by default? The primary risk right now is > that C-c C-c is so easy to press. But if we change the keybinding and > add a default warning, I believe the emacs-lisp evaluation would not > pose undue dangers. I agree. > After all, emacs already makes it easy to evaluate > emacs-lisp code. IMO, other languages are a bit more dangerous, since > they are "out of context" in an org-mode document---i.e., one is not > necessarily as cautious about the pitfalls of executing shell > commands, > perl code, etc. as one is when using the command line or executing a > script. Yes. Emacs Lisp is of course just as dangerous as the shell or anything else when it comes to malicious intent, but for running code by mistake it is much less dangerous than the shell, because usually elisp code deals with stuff inside Emacs and not so much on the system. - Carsten