GNU bug report logs - #75017
31.0.50; Untrusted user lisp files

Package: emacs;

Reported by: john muhl <jm <at> pub.pink>

Date: Sat, 21 Dec 2024 20:50:02 UTC

Severity: normal

Found in version 31.0.50

Message #71 received at 75017 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: john muhl <jm <at> pub.pink>, 75017 <at> debbugs.gnu.org
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
Date: Tue, 24 Dec 2024 00:48:25 -0500

> Maybe we should trust the early-init-file as well, but then where does
> this end?  The init files can load gobs of other files.  And there's
> also custom-file (when it isn't nil), desktop-dirname and
> desktop-base-file-name, etc. etc.
> Stefan, WDYT about this?

For Emacs-30, I see no need to make changes to what we have in this
regard for the simple reason that `elisp-flymake-byte-compile` usually
doesn't give great feedback in init files or in most of those other
funny loaded files like desktop's (both false positives and false
negatives).  So there's no hurry in deciding whether to include
`early-init-file`, or `custom-file`, or `desktop-dirname`, or ...

More useful might be to auto-trust the packages' ELisp files
found in `load-path` (because these are files for which that backend
should usually give good quality feedback). But that's a bigger change
and it's not completely clear which files we should trust there, so
I don't think we're ready to add that in `emacs-30`.


        Stefan





This bug report was last modified 170 days ago.
