Re: Image mode

[David Kastrup <dak@gnu.org>]

Richard Stallman <rms@gnu.org> writes:

>     But it cannot be the business of Emacs to decide about the
>     trustworthiness of a source.  It is the job of the user.
>
> Most users don't have any idea how to judge this, any more than I
> do.

I have more of an opinion about the various people sending me mail
than Emacs ever will.

> It would never occur to us to suspect that displaying an image as an
> image might do some harm.  And even if we did think of the
> possibility, there is no practical thing we could do about it.  If I
> want to see what the image looks like, what am I going to do except
> view it?

But the user can decide whether he wants to view an image.  He can't
decide this if there is no indication for him that Emacs is going to
treat the file as an image when opening it.

> What good does it do me to avoid displaying a image named foo.txt if
> I don't avoid displaying an image named foo.jpg?

Who is "I"?  If it is supposed to be "Emacs", we are not concerned
about its good: it is not a sentient being.  If it is supposed to be
"Richard", I should be surprised seeing you display an image.

There is no sense in continuing to conflate user and editor.

I am, by now, sick to the bone of continuing arguing against this
nonsensical proposition that the user is too stupid to even be allowed
to have a word in deciding whether he wants something viewed or not.

_We_ can only cater for the job of Emacs.  We can't replace the user.
It is the user who will have to clean up the computer after an attack.
So it is only fair that we give him the information he needs for a
qualified decision _Emacs_ can't possibly make.  If he can't use this
information to his advantage, it is still _his_ responsibility, and he
can learn.

It is like democracy.  Most people appear incapable of casting a
well-qualified and well-informed vote, but there is nobody else to do
the job, and they are the ones, after all, that have to bear the
consequences.

>     In fact, if anything I'm arguing against security warnings; my
>     point is that we cannot reliably protect the user. Believing
>     that a match between contents and file extension should somehow
>     be more trusted is false security.
>
> I think so too.

This is my last contribution to this thread, since I am thoroughly
sick of people repeating do thresh that dead straw horse.

For crying out loud: a match between contents and file extension
merely indicates that we have no security-relevant information to
provide to the user that he can not reasonably expect, anyway.  This
is _not_ about Emacs trusting a file: it is about giving the user
information that lets him decide whether to trust having it displayed
in the manner Emacs would choose when looking at its contents (which
the user has had no possibility to examine yet) as opposed to its
filename (which the user has already seen).

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum