From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.bugs Subject: bug#24489: efaq: security risks Date: Sun, 25 Sep 2016 13:15:16 -0400 Message-ID: References: <7ca8f2ur15.fsf@fencepost.gnu.org> <7ca8f2ur15.fsf@fencepost.gnu.org> <87y42kciee.fsf_-_@lifelogs.com> <87intmypzs.fsf@lifelogs.com> Reply-To: rms@gnu.org NNTP-Posting-Host: blaine.gmane.org Content-Type: text/plain; charset=Utf-8 X-Trace: blaine.gmane.org 1474823789 2213 195.159.176.226 (25 Sep 2016 17:16:29 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sun, 25 Sep 2016 17:16:29 +0000 (UTC) Cc: larsi@gnus.org, 24489@debbugs.gnu.org To: Ted Zlatanov Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Sep 25 19:16:25 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1boD2B-0006sO-ST for geb-bug-gnu-emacs@m.gmane.org; Sun, 25 Sep 2016 19:16:11 +0200 Original-Received: from localhost ([::1]:39692 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1boD2A-0006mR-6A for geb-bug-gnu-emacs@m.gmane.org; Sun, 25 Sep 2016 13:16:10 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56604) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1boD23-0006mM-RA for bug-gnu-emacs@gnu.org; Sun, 25 Sep 2016 13:16:04 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1boD22-0004N8-Kw for bug-gnu-emacs@gnu.org; Sun, 25 Sep 2016 13:16:03 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:57800) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1boD22-0004N4-Hh for bug-gnu-emacs@gnu.org; Sun, 25 Sep 2016 13:16:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1boD22-0006Qk-C7 for bug-gnu-emacs@gnu.org; Sun, 25 Sep 2016 13:16:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Richard Stallman Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 25 Sep 2016 17:16:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 24489 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 24489-submit@debbugs.gnu.org id=B24489.147482374124689 (code B ref 24489); Sun, 25 Sep 2016 17:16:02 +0000 Original-Received: (at 24489) by debbugs.gnu.org; 25 Sep 2016 17:15:41 +0000 Original-Received: from localhost ([127.0.0.1]:35757 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1boD1h-0006Q9-Kf for submit@debbugs.gnu.org; Sun, 25 Sep 2016 13:15:41 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:36896) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1boD1g-0006Pw-1N for 24489@debbugs.gnu.org; Sun, 25 Sep 2016 13:15:40 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1boD1Z-0004AL-Ps for 24489@debbugs.gnu.org; Sun, 25 Sep 2016 13:15:34 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56616) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1boD1J-00046h-MB; Sun, 25 Sep 2016 13:15:17 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1boD1I-000817-Uo; Sun, 25 Sep 2016 13:15:16 -0400 In-reply-to: <87intmypzs.fsf@lifelogs.com> (message from Ted Zlatanov on Fri, 23 Sep 2016 22:45:59 -0400) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:123685 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > RS> It is no use telling people, "Be afraid of browsing." > The original suggestion by Glenn was to say that remote HTML content is > a potential security risk. Is there a significant difference? I don't see it. "Browsing" means "looking at remote HTML from web sites". (Please don't refer to publications or works as "content". See http://gnu.org/philosophy/words-to-avoid.html.) Certainly. The FAQ can link to external resources, for instance. I think in the FAQ we should at least list the libraries that Emacs uses to render remote content (SVG, XML, PNG, etc.) so the user is aware of those dependencies and will keep them up to date. This will require updating, and I don't see that it will benefit anyone. Thus, I think it is better if we don't put this in. -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html.