bug#21702: shell-quote-argument semantics and safety

[Eli Zaretskii <eliz@gnu.org>]

> From: taylanbayirli@gmail.com (Taylan Ulrich Bayırlı/Kammer)
> Cc: 21702@debbugs.gnu.org
> Date: Mon, 19 Oct 2015 11:22:16 +0200
> 
> > Like I said, this convention should be adopted project-wide.  Doing so
> > only in a few doc strings, let alone one, will only confuse, because
> > the user will not know whether the lack of such documentation means
> > the API is safe or unsafe.
> 
> Yes, it should be done for every function for which the concerns I've
> explained apply.  So let's start from this one.

Before we start, we need a _decision_ to do that everywhere.  Then we
could start doing that piecemeal.  Before the decision is made,
there's no reason to make any such changes.

> >> I would propose something along the lines of:
> >> 
> >>     It is guaranteed that ARGUMENT will be parsed as a single token by
> >>     shells X, Y, and Z, as long as it is separated from other text via a
> >>     delimiter in the syntax of the respective shell.
> >
> > I don't think we want to mention specific shells explicitly, because
> > maintaining such a list would be a burden.  The standard shell of each
> > OS is well defined and known to the users of the respective systems.
> > Moreover, Emacs by default uses that shell automatically.
> 
> For instance: POSIX sh, MS-DOS, and Windows NT, is not a long list.

This list doesn't name shells on DOS and Windows (there are several
good candidates).  As for Posix, is it only sh?  What about Bash? what
about zsh?

You see, the moment you come up with a list such as above, people will
start complaining that their favorite shell is not in the list, and
the list will grow.  Then we will discover that some shells are not
really compatible after all, etc. etc.  It's a maintenance burden we
had better avoided.

Saying "the standard shell" avoids all that nicely, because it refers
to a single well-known shell.

> I don't understand what "a shell command doesn't need to be quoted to be
> harmful" is supposed to mean

Something like this:

  rm -rf /*

> Here's a patch doing an improvement to the documentation like the one I
> proposed.  Of course, if you have verified that shells other than POSIX
> sh are fully safe, feel free to improve the docstring accordingly.

Thanks.  However, like I said, I don't think this change would be
correct, or needed.