From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Sat, 28 Dec 2024 14:30:21 +0200
Message-ID: <86o70wrnvm.fsf@gnu.org>
References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org> <86ldw75zrd.fsf@gnu.org> <9a4969f4-858e-4493-a69f-8ca9b2861917@gutov.dev> <868qs75uwp.fsf@gnu.org> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@gutov.dev> <865xna60oj.fsf@gnu.org> <4ff33026-e509-41d0-8d02-e67db644a797@gutov.dev> <87ed1tpobf.fsf@zephyr.silentflame.com> <86zfkhwmj7.fsf@gnu.org> <871pxtp7rc.fsf@zephyr.silentflame.com>
In-Reply-To: <871pxtp7rc.fsf@zephyr.silentflame.com> (message from Sean Whitton on Fri, 27 Dec 2024 13:36:55 +0000)
To: Sean Whitton, Stefan Monnier
Cc: dmitry@gutov.dev, jm@pub.pink, stefankangas@gmail.com, 75017@debbugs.gnu.org
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Xref: news.gmane.io gmane.emacs.bugs:297898

> From: Sean Whitton
> Cc: dmitry@gutov.dev, jm@pub.pink, stefankangas@gmail.com,
> 75017@debbugs.gnu.org
> Date: Fri, 27 Dec 2024 13:36:55 +0000
>
> > I think this is the end-user's responsibility, not yours. So I urge
> > you to reconsider. At the very least ask the user at installation
> > time whether she wants to declare the entire tree trusted, but don't
> > do it unconditionally, because it basically renders this change in
> > large part ineffective, and then why did we even bother to do it,
> > delaying the release etc.?
>
> It sounds like I am significantly misunderstanding something. I thought
> that this trusted-files change was about, e.g., random Lisp files in my
> ~/Downloads/. Debian will certainly not be marking those as trusted!

Right.

> Let me step back a bit.
>
> If you install Emacs on the next release of Debian and you enable
> installing all suggested packages, you'll also get a bunch of major
> modes from GNU ELPA and elsewhere, such as markdown-mode (thanks to
> Xiyue Deng for sorting out the metadata such that these other modes are
> suggested by our package manager).
>
> These are Debian-vetted versions of these packages; we have lots of
> users who don't want to use package.el directly. The Lisp is installed
> under /usr/share/emacs/site-lisp/elpa-src. It's equally as safe as the
> code for Emacs itself; the same people (Debian Developers) have upload
> access for Emacs and for all those other major modes. So, I would have
> thought we would be marking those as trusted on behalf of our users.
>
> Does this still seem wrong to you? Can you see what I've misunderstood?

I think you assume that since this stuff is installed from Debian, those
directories are forever trusted. But that is only true immediately after
the installation. Some time after that, anything can happen with these
directories. Whether they can be trusted from now to eternity is
something for the user to say.

At least this is my opinion. I don't see myself as an expert on this, so
please wait for Stefan and others to chime in if they have different
opinions.