GNU bug report logs - #75017
31.0.50; Untrusted user lisp files

Previous Next

Full log

View this message in rfc822 format

From: Sean Whitton <spwhitton <at> spwhitton.name>
To: Dmitry Gutov <dmitry <at> gutov.dev>
Cc: Eli Zaretskii <eliz <at> gnu.org>, jm <at> pub.pink, stefankangas <at> gmail.com, 75017 <at> debbugs.gnu.org
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Fri, 27 Dec 2024 07:39:16 +0000

Hello,

On Wed 25 Dec 2024 at 01:29am +02, Dmitry Gutov wrote:

> Thank you. So the scenario where we would make the distinction is when the
> user managed to notice (somehow?) that the file had changed during the Emacs
> session, and then went to edit it.
>
> To be frank, I asked the question after reading the scenario from the first
> message, and it talks about early-init-file. IIUC this file lives in the same
> dir as the plain user-init-file, so the chances of them being edited by
> someone other than the user should be about equal, and we do "trust" the
> latter file automatically.
>
> Probably not too critical, but inconsistencies can be annoying (the user has
> to spend time figuring out whether something is broken and why).

For Debian we'll probably patch in so everything that we install on the
system is automatically trusted.  It seems natural to me to see this as
the distributor's responsibility.

-- 
Sean Whitton

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.