bug#44018: Don't consider play-sound-file to be a 'safe' function

[Basil L. Contovounesios]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Lars Ingebrigtsen <larsi@gnus.org>
>> Cc: Mattias Engdegård <mattiase@acm.org>,
>>   44018@debbugs.gnu.org
>> Date: Fri, 16 Oct 2020 07:39:05 +0200
>> 
>> My understanding of unsafep.el isn't that it's trying to protect against
>> any particular exploits, but just give a list of things that are totally
>> and utterly OK to eval.  So you have stuff like:
>> 
>> commit a8c41b4c0d3b0a3e87f17bbcdd8ac12dae296b3a
>> Author:     Chong Yidong <cyd@stupidchicken.com>
>> AuthorDate: Mon Oct 18 13:28:20 2010 -0400
>> 
>>     Don't allow functions that display messages in unsafep.
>> 
>> So even `message' isn't "safe" in this context.  I think it's odd to
>> have `play-sound-file' marked as "safe" if `message' isn't.
>
> Do you understand why 'message' was removed?  I don't, and couldn't
> find any discussion on Emacs lists that discussed that; I may have
> missed something.  I have no idea why 'message' could be unsafe.
> unsafep.el doesn't provide a high-level definition of what is
> considered "safe", unfortunately, and was evidently written for SES,
> so may have some bias due to that context.  Still, it is not clear to
> me why 'message' was removed.

FWIW, there's an @ignored section in doc/lispref/functions.texi that I
guess was intended to provide a higher-level description, but the
following paragraph is the best it currently manages to do:

  What is a safe Lisp expression?  Basically, it's an expression that
  calls only built-in functions with no side effects (or only innocuous
  ones).  Innocuous side effects include displaying messages and
  altering non-risky buffer-local variables (but not global variables).

-- 
Basil