From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#75017: 31.0.50; Untrusted user lisp files Date: Fri, 27 Dec 2024 10:35:56 +0200 Message-ID: <86zfkhwmj7.fsf@gnu.org> References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org> <86ldw75zrd.fsf@gnu.org> <9a4969f4-858e-4493-a69f-8ca9b2861917@gutov.dev> <868qs75uwp.fsf@gnu.org> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@gutov.dev> <865xna60oj.fsf@gnu.org> <4ff33026-e509-41d0-8d02-e67db644a797@gutov.dev> <87ed1tpobf.fsf@zephyr.silentflame.com> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="23540"; mail-complaints-to="usenet@ciao.gmane.io" Cc: dmitry@gutov.dev, jm@pub.pink, stefankangas@gmail.com, 75017@debbugs.gnu.org To: Sean Whitton Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Dec 27 09:37:14 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tR5qL-0005z7-R8 for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 27 Dec 2024 09:37:13 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tR5qE-0003uc-8K; Fri, 27 Dec 2024 03:37:06 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tR5qB-0003te-Jt for bug-gnu-emacs@gnu.org; Fri, 27 Dec 2024 03:37:03 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tR5qB-0005fr-8r for bug-gnu-emacs@gnu.org; Fri, 27 Dec 2024 03:37:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=References:In-Reply-To:From:Date:To:Subject; bh=z7Y44MeBKO/YCPbWtJfa2O4tIwdTBRRkOKCYH9SNA9Q=; b=cLHszuX3G48dbAQpxutFzeO7QmdG0H4/CWtfjlG3fXPQ325jcx1PdEZZ0G5Cf/CFCUbGKvpdp+x5oX3K1AquuTvjlMnIkY4EAlECjd2gH6h6h8HcS3+g1UCLBD5aHioTMt9EFHSmsM0V4v/wuPmB/UCWfUYK9TPmK9ojK1uolpxYZibyjVNHMNIJg+1Mo7DEjPSprtR5SgjOjQ26MVyvbr2CCi0mzTCwBucDJFVFs8AYR+Ypu4gJW5DT976P6xZT09RF8q7vuwbf+fjrOouM0zqq9huGj/4JNMOZD20t1mu6g6FthygSRVMjGQ9zTlHt6d6BLmpu8WbiE1ZsOobkng==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tR5q9-0003Y2-Od for bug-gnu-emacs@gnu.org; Fri, 27 Dec 2024 03:37:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 27 Dec 2024 08:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75017 X-GNU-PR-Package: emacs Original-Received: via spool by 75017-submit@debbugs.gnu.org id=B75017.173528856913552 (code B ref 75017); Fri, 27 Dec 2024 08:37:01 +0000 Original-Received: (at 75017) by debbugs.gnu.org; 27 Dec 2024 08:36:09 +0000 Original-Received: from localhost ([127.0.0.1]:44622 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tR5pI-0003WW-L1 for submit@debbugs.gnu.org; Fri, 27 Dec 2024 03:36:09 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:36972) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tR5pD-0003Vx-Tv for 75017@debbugs.gnu.org; Fri, 27 Dec 2024 03:36:07 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tR5p8-0005dB-0h; Fri, 27 Dec 2024 03:35:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=z7Y44MeBKO/YCPbWtJfa2O4tIwdTBRRkOKCYH9SNA9Q=; b=LCGl8W4lmcE5 TcUA+gkahODueTfFOp00wp0gMIy3AQFLY2mOu8pGN8EZFW1ajDBW279Ofx8PhqqhfTJDUOQh9rtMk cGpbpE62TxczYxSfF+9pw6CTKEAdcquV+PIV6cOhba5PVfcI7auVwhAeKyhzD9lJ7sphqLMjehgzN Lav4tJBOsw14SAB+aWGEVA4NTKkFIwEo36KHl6LlJotyAsEFZQNPyZnL7dYnum2dZjxwo4tqiV/5W cBNNHbUsLNtmZ9fdu0GT89zPRgY3A1k63DzGv0YY2UdeqcX2Bo+3DYRzaZ4MDVSx5u8Chqg1Bepz3 +cr5U8zSfozSm1XI/b83+Q==; In-Reply-To: <87ed1tpobf.fsf@zephyr.silentflame.com> (message from Sean Whitton on Fri, 27 Dec 2024 07:39:16 +0000) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297815 Archived-At: > From: Sean Whitton > Cc: Eli Zaretskii , jm@pub.pink, stefankangas@gmail.com, > 75017@debbugs.gnu.org > Date: Fri, 27 Dec 2024 07:39:16 +0000 > > For Debian we'll probably patch in so everything that we install on the > system is automatically trusted. It seems natural to me to see this as > the distributor's responsibility. I think this is the end-user's responsibility, not yours. So I urge you to reconsider. At the very least ask the user at installation time whether she wants to declare the entire tree trusted, but don't do it unconditionally, because it basically renders this change in large part ineffective, and then why did we even bother to do it, delaying the release etc.?