From: Daniel Colascione
Newsgroups: gmane.emacs.devel
Subject: Re: Security flaw in EDE; new release plans
Date: Sun, 08 Jan 2012 23:26:19 -0800
Message-ID: <4F0A969B.9020806@dancol.org>
References: <8739bp8l3g.fsf@gnu.org> <4F0A8A27.50704@dancol.org> <878vlhz76j.fsf@gnu.org>
To: Chong Yidong
Cc: emacs-devel@gnu.org

On 1/8/12 11:06 PM, Chong Yidong wrote:
> Daniel Colascione writes:
>
>> I never got around to committing the patch below to the emacs-23
>> branch. Would it be okay to add it before the 23.4 release?
>>
>> + (put 'lexical-binding 'safe-local-variable t)
>
> What's the rationale? If Emacs 23 users try to load Lisp libraries that
> use lexical binding, that will tend to lead to bugs, so why make it
> *easier* for that to happen?

My proposed patch makes it painless to edit Emacs 24 lisp using Emacs
23. A user might want to read or backport Emacs 24 lisp files, and
because it's possible to write lisp that works correctly whether
lexical-binding is on or off, a user might even legitimately want to
load these files.

The warning about the lexical-binding variable appears only when a user
tries to edit a file with lexical-binding. If an Emacs 23 user tries to
load or compile such a file, he won't receive a warning.

If we want to guard against loading a file in an Emacs without support
for lexical-binding, an (assert (boundp 'lexical-binding)) at toplevel
should do the trick; a more general solution would be to add code to
the Emacs 23 lisp reader or byte compiler to reject files that specify
lexical-binding.

As far as editing itself is concerned, though, lexical-binding is indeed
a harmless variable in Emacs 23: inert, sure, but harmless.
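
Review bot: The quoted one-line hunk `(put 'lexical-binding 'safe-local-variable t)` sets the property to the constant t rather than to a one-argument predicate, so the line itself does not state which file-supplied values are meant to be accepted. Since lexical-binding is a boolean flag, a predicate such as booleanp would be narrower, and a short comment recording the rationale given in this thread (the variable is inert in Emacs 23, so the change only affects the prompt shown when visiting a file) would explain why it is declared safe on the emacs-23 branch.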