From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Sean Whitton <spwhitton@spwhitton.name>
Newsgroups: gmane.emacs.bugs
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Fri, 27 Dec 2024 07:39:16 +0000
Message-ID: <87ed1tpobf.fsf@zephyr.silentflame.com>
References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@mail.gmail.com>
 <86ldw75zrd.fsf@gnu.org>
 <9a4969f4-858e-4493-a69f-8ca9b2861917@gutov.dev>
 <868qs75uwp.fsf@gnu.org>
 <36eb8d61-cf0c-4ac9-a679-252a46a874ee@gutov.dev>
 <865xna60oj.fsf@gnu.org>
 <4ff33026-e509-41d0-8d02-e67db644a797@gutov.dev>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="20405"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: Eli Zaretskii <eliz@gnu.org>, jm@pub.pink, stefankangas@gmail.com,
 75017@debbugs.gnu.org
To: Dmitry Gutov <dmitry@gutov.dev>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Dec 27 08:40:16 2024
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1tR4xC-0005AZ-Hl
	for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 27 Dec 2024 08:40:15 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1tR4x4-0002oB-1I; Fri, 27 Dec 2024 02:40:06 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tR4x0-0002nw-Nc
 for bug-gnu-emacs@gnu.org; Fri, 27 Dec 2024 02:40:02 -0500
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tR4x0-00080x-3n
 for bug-gnu-emacs@gnu.org; Fri, 27 Dec 2024 02:40:02 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:Date:References:In-Reply-To:From:To:Subject;
 bh=9K6uw0FeJldRdLF8QyxTpPLDjPwM/kMScP5+ylWHkoQ=; 
 b=XVliIwqyi1Ugpkrm6LmehJo5GUCPwCHPn4ZkrEQ47GkHmvLBmxiDh+cZblrZJxXzvx4ZKPe2Ms/2gAGprrPkP23b/OrnKB7FzOIGCeKSbIuKt6n1txbiNOoSNxAzzMQH0YM+/Q5xSI8GSmodwQ/daATtDoMeAyT8/jp/9ptch+8lKjsA8ea/z6jbFb+ue6sJr3lOCGGZqPw54DGi+MRfWqNrZVYeYbpKir7mqkeg35VvUl214dBAI7rge89eYrwSdi0kh0net8ORa+TP4hQxBeUdp3tAxXerkSvWeMJJQJjsvnWkfyCjm0pkYp1m7SbuaFP/IDNmOxsEfksqTEKM3g==;
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tR4wz-0000lE-TL
 for bug-gnu-emacs@gnu.org; Fri, 27 Dec 2024 02:40:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Sean Whitton <spwhitton@spwhitton.name>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 27 Dec 2024 07:40:01 +0000
Resent-Message-ID: <handler.75017.B75017.17352851672840@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 75017
X-GNU-PR-Package: emacs
Original-Received: via spool by 75017-submit@debbugs.gnu.org id=B75017.17352851672840
 (code B ref 75017); Fri, 27 Dec 2024 07:40:01 +0000
Original-Received: (at 75017) by debbugs.gnu.org; 27 Dec 2024 07:39:27 +0000
Original-Received: from localhost ([127.0.0.1]:44531 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tR4wQ-0000jj-Rl
 for submit@debbugs.gnu.org; Fri, 27 Dec 2024 02:39:27 -0500
Original-Received: from sendmail.purelymail.com ([34.202.193.197]:39848)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <spwhitton@spwhitton.name>) id 1tR4wO-0000jS-Mv
 for 75017@debbugs.gnu.org; Fri, 27 Dec 2024 02:39:25 -0500
DKIM-Signature: a=rsa-sha256;
 b=o22FRM0tHUTgY5njLhEQKeVyyZN4Sb/fwcvqLwn/NXLqDpo/NgT5Lk/eOe73CA1f3VQZgMUZvUH7gEZUYSy81AZYzvGLa2gDJkV4i+KiT/ME7jpd44YZcnCWwJSEbaz80UjeE+W5lIMu3btYSYewKa6g6jrYachJB3ymM6reTyPsIt6b95L22EgKX5AKwc7+Qd6u20yDzxiUglwO+GlPeqYGev9ExjC7uWA2EUw4vKleJr/V0sa2qrbHpVfdInC2GDZ9/NlbnBVPKssuCzPL77YKLOycFFFD+5oIfpuWEcPr9cf3xo6qc/B57vbR9rbOEA0StWKn9VAS/p1NfssPOA==;
 s=purelymail2; d=spwhitton.name; v=1;
 bh=8QkX20i5N4Q0TyukWJCiApH9RGZNlOY5Fd/RJR/OXoI=;
 h=Received:Received:From:To:Subject:Date; 
DKIM-Signature: a=rsa-sha256;
 b=Eg14ri6WNnv1d9yUHcuT3rIrzeDRUCoyNlqdHTQzQ/l5FFR+pWgSZm8+8jMU8blg9M15KTW6rtGDBYEg3Pj9pvKadKX3q4VZv6FtmZi1nQ8BKtBPP6E1X4SgWBzC7FYmjvgHwUAE/Lz0iU51kcJsDt8fHzKQ3DhSwxbJNyyIHX8L3KP4UtHR/elfXwRxzqE0SKocRqFzcQY9WyoyOFg0lXpycqywHEj29yZd72SR1Vf6FX+Wt/+7IEK34gp0UDhpdtYa5w6O5pQmr6D+K3ldnketU2BSgQM1V92y+7pkguzNdXBRqCNHThJTGlv4bRtxojs97CeuJ7M/vD1VpxRGbA==;
 s=purelymail2; d=purelymail.com; v=1;
 bh=8QkX20i5N4Q0TyukWJCiApH9RGZNlOY5Fd/RJR/OXoI=;
 h=Feedback-ID:Received:Received:From:To:Subject:Date; 
Feedback-ID: 20115:3760:null:purelymail
X-Pm-Original-To: 75017@debbugs.gnu.org
Original-Received: by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id 1816988279; 
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
 Fri, 27 Dec 2024 07:39:17 +0000 (UTC)
Original-Received: by zephyr.silentflame.com (Postfix, from userid 1000)
 id 5FBA8941C75; Fri, 27 Dec 2024 07:39:16 +0000 (GMT)
In-Reply-To: <4ff33026-e509-41d0-8d02-e67db644a797@gutov.dev> (Dmitry Gutov's
 message of "Wed, 25 Dec 2024 01:29:36 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:297806
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/297806>

Hello,

On Wed 25 Dec 2024 at 01:29am +02, Dmitry Gutov wrote:

> Thank you. So the scenario where we would make the distinction is when the
> user managed to notice (somehow?) that the file had changed during the Emacs
> session, and then went to edit it.
>
> To be frank, I asked the question after reading the scenario from the first
> message, and it talks about early-init-file. IIUC this file lives in the same
> dir as the plain user-init-file, so the chances of them being edited by
> someone other than the user should be about equal, and we do "trust" the
> latter file automatically.
>
> Probably not too critical, but inconsistencies can be annoying (the user has
> to spend time figuring out whether something is broken and why).

For Debian we'll probably patch in so everything that we install on the
system is automatically trusted.  It seems natural to me to see this as
the distributor's responsibility.

-- 
Sean Whitton