GNU bug report logs -
#74879
30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers
Previous Next
Full log
Message #23 received at 74879 <at> debbugs.gnu.org (full text, mbox):
> From: Ihor Radchenko <yantar92 <at> posteo.net>
> Cc: Daniel Mendler <mail <at> daniel-mendler.de>, 74879 <at> debbugs.gnu.org,
> monnier <at> iro.umontreal.ca, stefankangas <at> gmail.com
> Date: Sun, 15 Dec 2024 11:37:37 +0000
>
> Eli Zaretskii <eliz <at> gnu.org> writes:
>
> > The question is serious: how do we envision this "trust" thing to work
> > with buffers that don't visit files? If we are to change the code,
> > certainly on the emacs-30 branch, we need a solid solution which
> > provides more safety/security to users. Adding a variable doesn't
> > solve a problem, it _adds_ a problem (how to populate the variable).
>
> Let me try.
>
> If buffer contents is not coming from a file, it must be generated by
> some Elisp code. That code may as well set trust status.
> For example, *scratch* buffer may have its contents (automatically
> generated) marked as trusted by default.
>
> Does it make sense?
Are you in effect saying that every buffer that doesn't visit a file
should be trusted? If that's accepted, it doesn't need any function.
And can we really trust arbitrary ELisp code that to set trust?
And what about buffers whose contents came from a network connection?
What about buffers whose contents came from inserting some file or
part thereof, or were generated by processing some file?
What about buffers whose contents came from a program Emacs invoked?
This bug report was last modified 56 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.