From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: trusted-content seems to have effect only with sources specified.
Date: Sat, 28 Dec 2024 11:38:34 +0200
Message-ID: <86ed1suoyt.fsf@gnu.org>
References: <m2bjwx4nf2.fsf@gmail.com> <861pxty189.fsf@gnu.org>
 <m2y100k9up.fsf@gmail.com>
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="15886"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: emacs-devel@gnu.org
To: Michelangelo Rodriguez <michelangelo.rodriguez@gmail.com>,
 Stefan Monnier <monnier@iro.umontreal.ca>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Dec 28 10:39:36 2024
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1tRTIG-00040F-QR
	for ged-emacs-devel@m.gmane-mx.org; Sat, 28 Dec 2024 10:39:36 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1tRTHP-0007t8-D0; Sat, 28 Dec 2024 04:38:43 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>) id 1tRTHJ-0007su-S6
 for emacs-devel@gnu.org; Sat, 28 Dec 2024 04:38:38 -0500
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1tRTHI-0004wm-Kf; Sat, 28 Dec 2024 04:38:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date:
 mime-version; bh=qQY/xxQyfUPVsM5H/7Xjfn8usbLVPLnaF6S5wncwMyo=; b=XOTEuPImY6e5
 o8fR38GBKFT+FSVSiuRqwHjaOVGBPD8K7hBSEWJrVZTt5NC81hBI5hDNhI+0ATG1YofKV5/9tooSp
 AxevzqnEVnVD+EMtVUMAML76xRmYWdR9YCvrSJnmiKcDD33zyyuxuhf3oxqpeFhyJ1fbzovkorunu
 RhxwLOGOYHn3w9INTxhOdCyUIu4UrbZ2SebRO2022phR49ezlkJV58MjAzxJtCu/qMcSNzHmrGYZu
 OXU4FCy15RbXEtlThIfXvW4R5cedoN4af8r4kLezfe3w+9BnYgzK1be8YOW/vCz+xeWm+YmPReSzf
 ocjhJA4dtr4awzxuA5GmbA==;
In-Reply-To: <m2y100k9up.fsf@gmail.com> (message from Michelangelo Rodriguez
 on Sat, 28 Dec 2024 00:02:54 +0100)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:327247
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/327247>

> From: Michelangelo Rodriguez <michelangelo.rodriguez@gmail.com>
> Date: Sat, 28 Dec 2024 00:02:54 +0100
> 
> I discovered the issue, i think.
> Incidentally the packages i refer in `trusted-content' are installed via
> `package-vc-install-from-checkout', that generates a symlink in the
> directory in which we install our packages.
> If i specify in `trusted-content' the symlink, it generates the error.
> So we should specify only real paths.

I think it's a feature: it will catch the case of a malicious symlink
that redirects your trusted file/directory to a different place.

Stefan, do you agree?