From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sean Whitton
Newsgroups: gmane.emacs.bugs
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Fri, 27 Dec 2024 13:36:55 +0000
Message-ID: <871pxtp7rc.fsf@zephyr.silentflame.com>
To: Eli Zaretskii
Cc: dmitry@gutov.dev, jm@pub.pink, stefankangas@gmail.com, 75017@debbugs.gnu.org
In-Reply-To: <86zfkhwmj7.fsf@gnu.org> (Eli Zaretskii's message of "Fri, 27 Dec 2024 10:35:56 +0200")
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"

Hello,

On Fri 27 Dec 2024 at 10:35am +02, Eli Zaretskii wrote:

>> From: Sean Whitton
>> Cc: Eli Zaretskii, jm@pub.pink, stefankangas@gmail.com,
>>  75017@debbugs.gnu.org
>> Date: Fri, 27 Dec 2024 07:39:16 +0000
>>
>> For Debian we'll probably patch in so everything that we install on the
>> system is automatically trusted.  It seems natural to me to see this as
>> the distributor's responsibility.
>
> I think this is the end-user's responsibility, not yours.  So I urge
> you to reconsider.  At the very least ask the user at installation
> time whether she wants to declare the entire tree trusted, but don't
> do it unconditionally, because it basically renders this change in
> large part ineffective, and then why did we even bother to do it,
> delaying the release etc.?

It sounds like I am significantly misunderstanding something.

I thought that this trusted-files change was about, e.g., random Lisp
files in my ~/Downloads/.  Debian will certainly not be marking those as
trusted!

Let me step back a bit.  If you install Emacs on the next release of
Debian and you enable installing all suggested packages, you'll also get
a bunch of major modes from GNU ELPA and elsewhere, such as
markdown-mode (thanks to Xiyue Deng for sorting out the metadata such
that these other modes are suggested by our package manager).

These are Debian-vetted versions of these packages; we have lots of
users who don't want to use package.el directly.

The Lisp is installed under /usr/share/emacs/site-lisp/elpa-src.  It's
equally as safe as the code for Emacs itself; the same people (Debian
Developers) have upload access for Emacs and for all those other major
modes.

So, I would have thought we would be marking those as trusted on behalf
of our users.  Does this still seem wrong to you?  Can you see what I've
misunderstood?

-- 
Sean Whitton