GNU bug report logs - #75017
31.0.50; Untrusted user lisp files

Previous Next

Package: emacs;

Reported by: john muhl <jm <at> pub.pink>

Date: Sat, 21 Dec 2024 20:50:02 UTC

Severity: normal

Found in version 31.0.50

Full log

Message #86 received at 75017 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Sean Whitton <spwhitton <at> spwhitton.name>
Cc: dmitry <at> gutov.dev, jm <at> pub.pink, stefankangas <at> gmail.com,
 75017 <at> debbugs.gnu.org
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
Date: Fri, 27 Dec 2024 10:35:56 +0200

> From: Sean Whitton <spwhitton <at> spwhitton.name>
> Cc: Eli Zaretskii <eliz <at> gnu.org>,  jm <at> pub.pink,  stefankangas <at> gmail.com,
>   75017 <at> debbugs.gnu.org
> Date: Fri, 27 Dec 2024 07:39:16 +0000
> 
> For Debian we'll probably patch in so everything that we install on the
> system is automatically trusted.  It seems natural to me to see this as
> the distributor's responsibility.

I think this is the end-user's responsibility, not yours.  So I urge
you to reconsider.  At the very least ask the user at installation
time whether she wants to declare the entire tree trusted, but don't
do it unconditionally, because it basically renders this change in
large part ineffective, and then why did we even bother to do it,
delaying the release etc.?
This bug report was last modified 171 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.