From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Skip Montanaro <skip.montanaro@gmail.com>
Newsgroups: gmane.emacs.help
Subject: Re: Trojan Source detection/highlight in Emacs?
Date: Tue, 2 Nov 2021 10:01:28 -0500
Message-ID: <CANc-5UyhgiZnPGtAOmc6YwEXOpa6iMV+Vu7=G76keeJZyjxQRA@mail.gmail.com>
References: <CANc-5Uy_au4VV2AGWO1pYHZHVTfHFqCmig06GdN5CfHfrBu1tA@mail.gmail.com>
 <834k8ulkqe.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="9218"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: Help GNU Emacs <help-gnu-emacs@gnu.org>
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Tue Nov 02 16:16:32 2021
Return-path: <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1mhvWa-0002D2-4P
	for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 02 Nov 2021 16:16:32 +0100
Original-Received: from localhost ([::1]:40464 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1mhvWZ-00076x-6E
	for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 02 Nov 2021 11:16:31 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:60048)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <skip.montanaro@gmail.com>)
 id 1mhvIT-0006XB-8W
 for help-gnu-emacs@gnu.org; Tue, 02 Nov 2021 11:01:57 -0400
Original-Received: from mail-yb1-xb2b.google.com ([2607:f8b0:4864:20::b2b]:39608)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <skip.montanaro@gmail.com>)
 id 1mhvIR-0004uO-Nz; Tue, 02 Nov 2021 11:01:56 -0400
Original-Received: by mail-yb1-xb2b.google.com with SMTP id j75so26078368ybj.6;
 Tue, 02 Nov 2021 08:01:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=eht23+09RCXZRinNSnutBeSmsD3rPqAovsIYlajN91Q=;
 b=K8Xy8dc10VIKNukHvSW80pF6+ihQXo9SnkGEsuqzKkU41dfmh4vpDeRIcaMMCMgwq6
 muze9sI3oferL7Qmr5sR8812Vuw9S7wbmhjB1qHMBnRGuqWBDc+eJBzXk1qAWmZc7Mj9
 OCKYfoGlpkZc8L9Bp1Ya/p7FrJs/5aIntHMjmeR0Sgy+E4vTgnjqC0kKg6UH7Y4AVEH7
 LGqX2mmeziYlguSygpcvG/8tpg1y3YrygasV0oVgYDQR1EeJAMv4hjHqyc6tpHSRoYeB
 3PIy+phTz/jlQFlBAf0M6NlOiBAmtCdn6qkn+zMuqCjAkJUMf0Rr1h9y/07eV3HyHrhb
 WAjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=eht23+09RCXZRinNSnutBeSmsD3rPqAovsIYlajN91Q=;
 b=UxFXN5FbAzUS20RVCNHRMdzYkHpcr7kEKxOpjVxK+EQZwXlTax2tf18ZpQ/un+A9zW
 Z355zZt5XM3Ci99Ng6OBYsbzvgCdrfbhcwl1ofTYrxvnvSyjzYzXm99BIOxj5NXSnY49
 TBPoUJSpDpjNYLLAViGpyKkRnf2BEkjZr4MCgabl2kVhLaliUqaj+nWA07MiGsL4V0Ja
 VqYrS1y4tfA7Kg/Gc39iSA/peM6liqcqLxXq0uxdBewfBHOnOx5wkDRqMVI48E9P6M/p
 3zONvM45JX+9/89cHlasdb+bhB0jLI0W2joNewKPaCTCSHOkc7kzpCm2tRf7djw28/kD
 1M1A==
X-Gm-Message-State: AOAM5322wj557rxVXH4YrjvjIPeJhqayFok3ph+6cDAb6l83lBRe/G2x
 6i/53cP4pfZU9Ofj363hzj80CKe5vXgSSKEPqB8V11y3O1Yv
X-Google-Smtp-Source: ABdhPJysmxXfH4cX3oTBmELbanCT3VeFUY5Tipp7gjP2Br7bQEFkDwFodN8ajO2RzuT0xRdrJB4wpW2W49O4bUtcRfk=
X-Received: by 2002:a25:d405:: with SMTP id m5mr37608001ybf.351.1635865314174; 
 Tue, 02 Nov 2021 08:01:54 -0700 (PDT)
In-Reply-To: <834k8ulkqe.fsf@gnu.org>
Received-SPF: pass client-ip=2607:f8b0:4864:20::b2b;
 envelope-from=skip.montanaro@gmail.com; helo=mail-yb1-xb2b.google.com
X-Spam_score_int: -6
X-Spam_score: -0.7
X-Spam_bar: /
X-Spam_report: (-0.7 / 5.0 requ) BAYES_05=-0.5, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: help-gnu-emacs@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Users list for the GNU Emacs text editor <help-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-gnu-emacs>,
 <mailto:help-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-gnu-emacs>
List-Post: <mailto:help-gnu-emacs@gnu.org>
List-Help: <mailto:help-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-gnu-emacs>,
 <mailto:help-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "help-gnu-emacs"
 <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.help:134315
Archived-At: <http://permalink.gmane.org/gmane.emacs.help/134315>

On Tue, Nov 2, 2021 at 9:39 AM Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Skip Montanaro <skip.montanaro@gmail.com>
> > Date: Mon, 1 Nov 2021 17:19:16 -0500
> >
> > The recent Trojan Source vulnerability crossed my newsfeed a day or two
> > ago.
>
> For some value of "recent".
>

:-)

It's not clear when the paper was published, but I expect Brian Krebs to be
on top of things better than most people. That this is only now becoming an
issue in the software development space suggests that back in 2014, it
wasn't viewed as a potentially broad vulnerability by the Emacs developer
community at the time.

I accept your belief that this will be difficult to handle in Emacs. Maybe
lint tools are where the solution lies.

Skip