[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correct
From: |
Dr. Arne Babenhauserheide |
Subject: |
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly |
Date: |
Fri, 28 Oct 2022 01:14:40 +0200 |
User-agent: |
mu4e 1.8.9; emacs 28.1 |
Jean Louis <bugs@gnu.support> writes:
> * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-28 01:11]:
>>
>> Max Nikulin <manikulin@gmail.com> writes:
>>
>> > How are you going to distinguish your personal files and arbitrary
>> > files from non-trusted sources? By signing your files and maintaining
>> > list of trusted certificates?
>>
>> One idea that could work well is to add an explicit allow-list
>> trusted-sources-to-allow-unsafe-modes with entries of domain and
>> path-prefix where people can add trusted sources.
>
> That implies that for every content type you are supposed to do the
> same.
No, you misunderstood the proposal.
> And what makes you want to limit people how they want to run their Org
> files?
The wish to limit the fallout when¹ this gets weaponized by criminals.
If you explicitly allow-list trusted sources, bad actors have to take
over your trusted server to attack you. That’s much less likely than bad
actors taking over some random long-unmainted server of a link you
stumbled upon.
¹: when, not if.
Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
signature.asc
Description: PGP signature
- bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, (continued)
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Max Nikulin, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Jean Louis, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Quiliro Ordóñez, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Quiliro Ordóñez, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Jean Louis, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly,
Dr. Arne Babenhauserheide <=
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Ihor Radchenko, 2022/10/27
bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/28