GNU bug report logs - #78939
30.1.90; wishlist: separate storage location for safe-local-variable data

Previous Next

To reply to this bug, email your comments to 78939 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Christopher Howard <christopher <at> librehacker.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.1.90; wishlist: separate storage location for
 safe-local-variable data
Date: Tue, 01 Jul 2025 14:39:50 -0800

Emacs has a sophisticated system for managing safe evaluation of file and directory local variables, as documented in 51.2.4.2 Safety of File Variables, which I appreciate. However, something that I find bothersome is that the permanently recorded data for safe and unsafe values is stored in the custom-set-variables code, which is stored in the init file or another file of your choice. This creates a quandary for me because I like to use the customization system, but I don't want my customized settings to change often or to be highly system or project specific. Using the safety system in a routine manner results in the custom-set-variables code (which I keep in the init file) being filled with pages and pages of (mostly safe) values, which feels awkward.

In my mind, these safe and unsafe values are more like cached data which should be kept in a separate file, which I don't need to look at ever. As a wishlist item, could a facility be integrated which allows such data to be stored in a completely separate file?


In GNU Emacs 30.1.90 (build 1, x86_64-pc-linux-gnu, GTK+ Version
 3.24.43, cairo version 1.18.4) of 2025-06-23 built on theoden
Repository revision: a2bfce5d2a7d046a45c25364f3c69b3d8a776081
Repository branch: emacs-30
Windowing system distributor 'The X.Org Foundation', version 11.0.12401006
System Description: Guix System

Configured using:
 'configure --prefix=/home/christopher/local'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
LCMS2 LIBOTF LIBSELINUX LIBXML2 M17N_FLT MODULES NOTIFY INOTIFY PDUMPER
PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS
TREE_SITTER WEBP X11 XDBE XIM XINPUT2 XPM GTK3 ZLIB

Important settings:
  value of $EMACSLOADPATH: /home/christopher/local/share/emacs/30.1.90/lisp
  value of $EMACSNATIVELOADPATH: /home/christopher/.guix-home/profile/lib/emacs/native-site-lisp:/home/christopher/.guix-home/profile/lib/emacs/native-site-lisp:/home/christopher/.guix-home/profile/lib/emacs/native-site-lisp:/home/christopher/.guix-home/profile/lib/emacs/native-site-lisp
  value of $LANG: en_US.utf8
  locale-coding-system: utf-8-unix

Major mode: Info

Minor modes in effect:
  ready-player-mode: t
  repeat-mode: t
  pdf-occur-global-minor-mode: t
  engine-mode: t
  rcirc-track-minor-mode: t
  global-git-commit-mode: t
  magit-auto-revert-mode: t
  server-mode: t
  helm-mode: t
  helm-minibuffer-history-mode: t
  minibuffer-depth-indicate-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  isearch-fold-quotes-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  minibuffer-regexp-mode: t
  buffer-read-only: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
/home/christopher/.emacs.d/elpa/helm-4.0.4/helm-packages hides /home/christopher/.emacs.d/elpa/helm-core-4.0.4/helm-packages
/home/christopher/.emacs.d/elpa/helm-4.0.4/helm-x-icons hides /home/christopher/.emacs.d/elpa/helm-core-4.0.4/helm-x-icons
/home/christopher/.emacs.d/elpa/magit-4.3.6/magit-dired hides /home/christopher/.emacs.d/elpa/magit-section-4.3.6/magit-dired
/home/christopher/.emacs.d/elpa/magit-4.3.6/magit-autorevert hides /home/christopher/.emacs.d/elpa/magit-section-4.3.6/magit-autorevert
/home/christopher/.emacs.d/elpa/transient-0.9.2/transient hides /home/christopher/local/share/emacs/30.1.90/lisp/transient

Features:
(shadow emacsbug fortran vc-hg vc-bzr apropos calc-yank tramp-cmds
wdired calc-embed ...)

Memory information:
((conses 16 4813246 531611) (symbols 48 61336 16)
 (strings 32 399993 91946) (string-bytes 1 78971958)
 (vectors 16 219636) (vector-slots 8 2817732 840987)
 (floats 8 7822 11910) (intervals 56 327806 10005) (buffers 992 229))

-- 
📛 Christopher Howard
🚀 gemini://gem.librehacker.com
🌐 http://gem.librehacker.com

בראשית ברא אלהים את השמים ואת הארץ

Message #8 received at 78939 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Christopher Howard <christopher <at> librehacker.com>,
 Stefan Monnier <monnier <at> iro.umontreal.ca>,
 Andrea Corallo <acorallo <at> gnu.org>, Stefan Kangas <stefankangas <at> gmail.com>
Cc: 78939 <at> debbugs.gnu.org
Subject: Re: bug#78939: 30.1.90;
 wishlist: separate storage location for safe-local-variable data
Date: Wed, 02 Jul 2025 14:41:41 +0300

> From: Christopher Howard <christopher <at> librehacker.com>
> Date: Tue, 01 Jul 2025 14:39:50 -0800
> 
> 
> 
> Emacs has a sophisticated system for managing safe evaluation of file and directory local variables, as documented in 51.2.4.2 Safety of File Variables, which I appreciate. However, something that I find bothersome is that the permanently recorded data for safe and unsafe values is stored in the custom-set-variables code, which is stored in the init file or another file of your choice. This creates a quandary for me because I like to use the customization system, but I don't want my customized settings to change often or to be highly system or project specific. Using the safety system in a routine manner results in the custom-set-variables code (which I keep in the init file) being filled with pages and pages of (mostly safe) values, which feels awkward.
> 
> In my mind, these safe and unsafe values are more like cached data which should be kept in a separate file, which I don't need to look at ever. As a wishlist item, could a facility be integrated which allows such data to be stored in a completely separate file?

I don't have an opinion on this, but maybe others (CC'ed) do.

In any case, if this is implemented as  an opt-in feature, I don't see
why we would object to have it.

Message #11 received at 78939 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Christopher Howard <christopher <at> librehacker.com>,
 Andrea Corallo <acorallo <at> gnu.org>, Stefan Kangas <stefankangas <at> gmail.com>,
 78939 <at> debbugs.gnu.org
Subject: Re: bug#78939: 30.1.90; wishlist: separate storage location for
 safe-local-variable data
Date: Wed, 02 Jul 2025 10:18:02 -0400

>> In my mind, these safe and unsafe values are more like cached data which
>> should be kept in a separate file, which I don't need to look at ever. As
>> a wishlist item, could a facility be integrated which allows such data to
>> be stored in a completely separate file?
> I don't have an opinion on this, but maybe others (CC'ed) do.
> In any case, if this is implemented as  an opt-in feature, I don't see
> why we would object to have it.

I think the same can hold about various other Custom variables.  So if
someone wants to implement such a feature, I think the better way is to
add a feature to Customize whereby users can choose where to save
which variable.


        Stefan

Message #14 received at 78939 <at> debbugs.gnu.org (full text, mbox):

From: Christopher Howard <christopher <at> librehacker.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Eli Zaretskii <eliz <at> gnu.org>, Andrea Corallo <acorallo <at> gnu.org>,
 Stefan Kangas <stefankangas <at> gmail.com>, 78939 <at> debbugs.gnu.org
Subject: Re: bug#78939: 30.1.90; wishlist: separate storage location for
 safe-local-variable data
Date: Wed, 02 Jul 2025 09:35:32 -0800

Just wondering: are there any other Customizable variables that are updated by Emacs outside of Customize itself? What seems unique about this case is that Emacs gives you a prompt when it encounters the file local variable (a frequent occurrence at least in my usage) and then updates Customize data depending on which key you press. Something else that seems unique is there is potentially a large amount of data being added frequently. This would be like if bbdb used Customize to store your contact information.

I'm not meaning to attack the idea proposed by Stefen, but I am wondering about that.

-- 
Christopher Howard

Message #17 received at 78939 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Christopher Howard <christopher <at> librehacker.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, Andrea Corallo <acorallo <at> gnu.org>,
 Stefan Kangas <stefankangas <at> gmail.com>, 78939 <at> debbugs.gnu.org
Subject: Re: bug#78939: 30.1.90; wishlist: separate storage location for
 safe-local-variable data
Date: Wed, 02 Jul 2025 14:58:11 -0400

> Just wondering: are there any other Customizable variables that are
> updated by Emacs outside of Customize itself?

Not many, but yes, some.  The only one that jumps to mind right now is
`package-selected-packages`.

> What seems unique about this case is that Emacs gives you a prompt
> when it encounters the file local variable (a frequent occurrence at
> least in my usage) and then updates Customize data depending on which
> key you press.

I don't know if your usage is common (for me, this var is changed fairly
rarely: if it's a file I visit regularly then there's no usually prompt,
and if not then I usually prefer not to save it for future sessions).

> Something else that seems unique is there is potentially a large
> amount of data being added frequently.  This would be like if bbdb used
> Customize to store your contact information.

[ I'd personally feel uneasy if that var had lots and lots of entries,
  since each one is a potential security hole, if I didn't think about it
  carefully enough.  🙂  ]

> I'm not meaning to attack the idea proposed by Stefen, but I am
> wondering about that.

I just mentioned it, because it's something that has been asked a few
times, for various reasons.  There's some existing third party support
for it, e.g.:

    https://github.com/dabrahams/initsplit

IMO, it would make sense to integrate such a feature.


        Stefan

Message #20 received at 78939 <at> debbugs.gnu.org (full text, mbox):

From: Sean Whitton <spwhitton <at> spwhitton.name>
To: Christopher Howard <christopher <at> librehacker.com>
Cc: 78939 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>,
 Andrea Corallo <acorallo <at> gnu.org>, Stefan Monnier <monnier <at> iro.umontreal.ca>,
 Stefan Kangas <stefankangas <at> gmail.com>
Subject: Re: bug#78939: 30.1.90; wishlist: separate storage location for
 safe-local-variable data
Date: Thu, 03 Jul 2025 10:56:08 +0100

Hello,

There are also a number of settings that get automatically updated
related to storing TLS certificates.  The customisation system as it
exists today serves two fairly distinct purposes at the same time --
explicit user customisation, and these saved/cached values taken in
response to user actions.

Could we associate to defcustoms a property that indicates they are
auto-updated by Lisp code, and so might want to be stored in a different
place?

-- 
Sean Whitton

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.