GNU bug report logs - #45198
28.0.50; Sandbox mode

Previous Next

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: alan <at> idiocy.org, mattiase <at> acm.org, 45198 <at> debbugs.gnu.org, stefan <at> marxist.se, p.stephani2 <at> gmail.com, joaotavora <at> gmail.com
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sun, 18 Apr 2021 09:24:35 +0300

> From: Stefan Monnier <monnier <at> iro.umontreal.ca>
> Cc: mattiase <at> acm.org,  joaotavora <at> gmail.com,  p.stephani2 <at> gmail.com,
>   stefan <at> marxist.se,  45198 <at> debbugs.gnu.org,  alan <at> idiocy.org
> Date: Sat, 17 Apr 2021 16:26:25 -0400
> 
> > If you are implying that one does something conscious and deliberate
> > before byte-compiling a file,
> 
> Have you ever byte-compiled a random ELisp file sent to you from some
> unknown email address without looking at it first?

No, but I also don't use Flymake and never install packages via
package.el.

IOW, my own workflows are not very relevant to the issues at hand, and
neither are yours.  What matters is what others do.

> The whole point of the sandboxing exercise is so as to be able to have
> flymake-mode in the hook without exposing yourself to
> these vulnerabilities.

So we are going to introduce all this non-trivial machinery into Emacs
just to solve the Flymake use case?  Is that reasonable from the
project management POV, in your eyes?

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.