GNU bug report logs - #58774
29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly

Previous Next

Full log

View this message in rfc822 format

From: indieterminacy <indieterminacy <at> libre.brussels>
To: Max Nikulin <manikulin <at> gmail.com>, Stefan Kangas <stefankangas <at> gmail.com>, 58774 <at> debbugs.gnu.org, emacs-orgmode <at> gnu.org
Subject: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Wed, 26 Oct 2022 23:56:31 +0200

On 26-10-2022 20:37, Jean Louis wrote:
> 
> I do not have special opinion of "publishing Org files" for unknown
> people, if such people are not member of the group. That would require
> training them to know what is Org mode, and finally why? Emacs is poor
> general browser tool.
> 
> Greatest benefit of Org files being served and properly parsed by
> Emacs by using HTTP is personal and group based. It is not mainly for
> public use.
> 
> But one could think of it being analogous to Gemini.
> 
> https://gemini.circumlunar.space/
> 
> Public who does not use Emacs will not be interested in such.
> 
> They may download Org files and open it from file system. Same
> insecurity exists by downloading them and opening them.
> 

Just typical that Id raise Gemini just as you bring it up yourself (so 
many mails to sift through) :)

>> Sometimes Org developer and maintainers do not have enough resources
>> to react to security-related reports. An issue not so dangerous in
>> the current state becomes really weird if Org mode becomes a default
>> handler for files fetched from net.
> 
> Your interpretation is improper, as you mentioned "default handler for
> files fetched from net" -- and I was very specific, for text/x-org
> content type that EWW get possibility to invoke org mode on such
> files.
> 
> Quite logical. Emacs, Org mode and EWW, those shall work together. I
> am surprised that it does not.
> 
> At least Russian Nginx WWW server supports me as user to configure it
> so to serve Org files as text/x-org.
> 
> Though personally I have already found buggy solution with Emacs Lisp
> modification to eww render function. I must improve it.
> 

It is worth emphasizing that Gemini is conventionally designed to serve 
and receive files in isolation and that browsers are not expected to do 
anything beyond recognising the simple types of lines.

As such ceteris paribus Id like to thing that it should operate to 
minimise threats of vulnerabilities such as spreadsheets being used to 
interact with banking services.

Besides, the size and range of Gemini browsers and clients met with the 
size of these tools - combined with the acutal size of the Gemini 
community (let alone their competence grade) would make it a low 
priority for troublemakers to prioritise.

-- 
Jonathan McHugh
indieterminacy <at> libre.brussels

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.