GNU bug report logs - #74879
30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers

Package: emacs;

Reported by: Daniel Mendler <mail <at> daniel-mendler.de>

Date: Sun, 15 Dec 2024 00:40:02 UTC

Severity: normal

Found in version 30.0.92

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Daniel Mendler <mail <at> daniel-mendler.de>
Cc: Dmitry Gutov <dmitry <at> gutov.dev>, 74879 <at> debbugs.gnu.org, Stefan Monnier <monnier <at> iro.umontreal.ca>
Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers
Date: Sat, 11 Jan 2025 12:12:41 +0000

Daniel Mendler <mail <at> daniel-mendler.de> writes:

> ELPA packages can be trusted more for multiple reasons:

There is no doubt about that, indeed.

> 1. They come from known sources, from curated archives. Admittedly the
> archive review is not sufficient. I've suggested to add review
> facilities to package.el, see bug#74604. Furthermore I've suggested to
> add git commit signature checks to GNU/NonGNU ELPA, see bug#61277.

These are all good ideas.

> 2. There is the barrier of adding untrusted archives to the
> `package-archives' list. The user has to opt-in explicitly to that.

True, but in practice most people add MELPA because that's what is
commonly recommended online.

> 3. Installation of packages is confirmed via package.el and does not
> happen without user consent.

Yes, it is "not our fault" because "you shouldn't have done that" and so
on.  However, whether or not we are technically at fault, we should
still work to make Emacs safer to use, IMO.

> As soon as the user agrees to install a package, they agree that the
> package will shortly become part of the `load-path', and that its code
> will be executed shortly. If we believe that package installation is not
> safe enough, additional louder confirmations and warnings could be
> added: When adding new archives (additional validation of
> `package-archives') and second when installing or upgrading
> packages. For example `package-upgrade-all' tells me how many packages
> it wants to upgrade but not even which packages - I really want to
> inspect the list of upgradeable packages first.

Good ideas, thanks.  Feel free to submit feature requests.

> Which additional benefits do you see if ELPA packages are compiled
> inside bwrap? The trust will only be pushed a little to the future.

Consider packages that are used very rarely.  I'd prefer to have
`php-mode' installed, but I can't even remember the last time I had to
look at a PHP file.  It could be more than 10 years ago.




This bug report was last modified 55 days ago.
