From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: David Kastrup <dak@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Image mode
Date: Tue, 06 Feb 2007 12:10:50 +0100
Message-ID: <868xfbmthh.fsf@lola.quinscape.zz>
References: <87k5yxeg19.fsf@jurta.org> <87iregmafd.fsf@stupidchicken.com>
	<f7ccd24b0702051617x1198e663ha8b9879d325bc4d3@mail.gmail.com>
	<86irefojcc.fsf@lola.quinscape.zz>
	<f7ccd24b0702060030s5e26387ase207f4393a5601b5@mail.gmail.com>
	<86tzxzn0bx.fsf@lola.quinscape.zz>
	<f7ccd24b0702060106n51990424sbeaf4e407677af81@mail.gmail.com>
	<86ps8nmy95.fsf@lola.quinscape.zz>
	<f7ccd24b0702060143r3512d3e8qb0ebfe79e2875e0d@mail.gmail.com>
	<86d54nmve9.fsf@lola.quinscape.zz>
	<f7ccd24b0702060257j4f1c677dx102ae57db902021b@mail.gmail.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1170760291 13933 80.91.229.12 (6 Feb 2007 11:11:31 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 6 Feb 2007 11:11:31 +0000 (UTC)
Cc: Chong Yidong <cyd@stupidchicken.com>, emacs-devel@gnu.org
To: "Juanma Barranquero" <lekktu@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Feb 06 12:11:26 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1HEOEP-0002Td-OV
	for ged-emacs-devel@m.gmane.org; Tue, 06 Feb 2007 12:11:26 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1HEOEM-0002wF-5h
	for ged-emacs-devel@m.gmane.org; Tue, 06 Feb 2007 06:11:22 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1HEOE8-0002tq-CD
	for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:11:08 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1HEOE7-0002tU-7F
	for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:11:08 -0500
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1HEOE7-0002tR-3T
	for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:11:07 -0500
Original-Received: from pc3.berlin.powerweb.de ([62.67.228.11])
	by monty-python.gnu.org with esmtp (Exim 4.52) id 1HEOE6-0002d8-NT
	for emacs-devel@gnu.org; Tue, 06 Feb 2007 06:11:07 -0500
Original-Received: from quinscape.de (pd95b0fdb.dip0.t-ipconnect.de [217.91.15.219])
	by pc3.berlin.powerweb.de (8.9.3p3/8.9.3) with ESMTP id MAA08628
	for <emacs-devel@gnu.org>; Tue, 6 Feb 2007 12:11:00 +0100
X-Delivered-To: <emacs-devel@gnu.org>
Original-Received: (qmail 13055 invoked from network); 6 Feb 2007 11:11:02 -0000
Original-Received: from unknown (HELO lola.quinscape.zz) ([10.0.3.43])
	(envelope-sender <David.Kastrup@QuinScape.de>)
	by ns.quinscape.de (qmail-ldap-1.03) with SMTP
	for <lekktu@gmail.com>; 6 Feb 2007 11:11:02 -0000
Original-Received: by lola.quinscape.zz (Postfix, from userid 1001)
	id A4AA6C2BB7; Tue,  6 Feb 2007 12:10:50 +0100 (CET)
In-Reply-To: <f7ccd24b0702060257j4f1c677dx102ae57db902021b@mail.gmail.com>
	(Juanma Barranquero's message of "Tue\,
	6 Feb 2007 11\:57\:58 +0100")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)
X-detected-kernel: Linux 2.4-2.6
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:66008
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/66008>

"Juanma Barranquero" <lekktu@gmail.com> writes:

> On 2/6/07, David Kastrup <dak@gnu.org> wrote:
>
>> Well, _we_ don't know about any vulnerabilities either at the moment,
>> so it would seem that it does not make much sense to talk about
>> anything in this discussion.
>
> Very funny, but obviously we were talking about the (possibility of)
> vulnerabilities the user *doesn't* know about...
>
>> Not that it does not feel like that...
>
> More and more...
>
>> And are you telling me that all the junk mails
>> that want me to click on something have a sender I know?
>
> No. I'm saying that the virus your computer will catch won't come in a
> .jpg file hiding as a .c or .txt or whatever. It will come in a .jpg
> "hiding" as a .jpg from a source you'll consider trusted or, at the
> very least, non threatening.

But it cannot be the business of Emacs to decide about the
trustworthiness of a source.  It is the job of the user.  And it also
is the choice of the user whether he trusts a particular image library
for opening a particular file from a particular source.  The user
can't do this job if he is mistaken about the libraries that will
likely get used.

Anyway, I say you are wrong: lots of attacks are done by having people
click on links and/or let them open file types that look like they are
something different.

My arguments revolve about letting the user do his part with regard to
security, yours revolve about the user being incapable to do it, and
letting Emacs do a job that can't be done by it.

-- 
David Kastrup