GNU bug report logs - #24489
efaq: security risks

Previous Next

Package: emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Tue, 20 Sep 2016 22:49:02 UTC

Severity: minor

Tags: security

Found in version 25.1

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Richard Stallman <rms <at> gnu.org>
To: Ted Zlatanov <tzz <at> lifelogs.com>
Cc: larsi <at> gnus.org, 24489 <at> debbugs.gnu.org
Subject: bug#24489: efaq: security risks
Date: Sun, 25 Sep 2016 13:15:16 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > RS> It is no use telling people, "Be afraid of browsing."

  > The original suggestion by Glenn was to say that remote HTML content is
  > a potential security risk.

Is there a significant difference?  I don't see it.
"Browsing" means "looking at remote HTML from web sites".


(Please don't refer to publications or works as "content".
See http://gnu.org/philosophy/words-to-avoid.html.)

    Certainly. The FAQ can link to external resources, for instance. I think
    in the FAQ we should at least list the libraries that Emacs uses to
    render remote content (SVG, XML, PNG, etc.) so the user is aware of
    those dependencies and will keep them up to date.

This will require updating, and I don't see that it will benefit
anyone.  Thus, I think it is better if we don't put this in.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.
This bug report was last modified 3 years and 191 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.