[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Autoload from a web page?
|
From: |
Lennart Borgman |
|
Subject: |
Re: Autoload from a web page? |
|
Date: |
Tue, 29 Dec 2009 02:39:04 +0100 |
On Tue, Dec 29, 2009 at 2:32 AM, Stephen J. Turnbull <address@hidden> wrote:
> Lennart Borgman writes:
>
> > In a situation like that it is possible to set up for autoloading
> > things by downloading them from the web without compromising security
> > (or at least not more than when you download a file yourself) since
> > you know which files will be downloaded.
>
> Why would the user know which files would be downloaded, and from
> where? The whole point is to do it automatically, without troubling
> the user. If the user is going to go to the trouble of *carefully*
> verifying sources and so on, little is saved. On the other hand, it
> would be easy enough to register a domain like "savannah.gnu.org.to",
> and a lot of folks might miss that, if they even looked at all.
>
> Think of this like rules against talking on your cellphone while
> driving. Cellphone use is not an absolute guarantee you'll kill
> somebody, and abstinence from cellphone use is no guarantee you
> won't. Some people do use cellphones responsibly while driving, and
> so on. But for the typical driver it does vastly increase the risks.
>
> And so does any automated downloading and execution scheme.
While the comparision is funny it is not quite fair ;-)
To answer your questions:
* The user should not have to know much, only the starting location
for the download.
* It is thereafter the already downloaded files that have information
about what to download.
* This will hopefully ensure that only trusted files are downloaded.
* The information about what to download is basically in autoload and require
* ... because during collection of autoloads the relative file paths
are also recorded.
* ... and this information have been downloaded first.
* The downloaded files will be in a mirrored tree structure to where
they came from.
* The price carries of course a defadviced require that does this magic.
* It would be possible to download many of the Emacs core files this
way, actually
* ... but of course it is more meant for external packages.
Unfortunately the whole thing fails at the moment because of bugs in
url-copy-file... - some timeout or something. I have never cared to
report this bugs before because they are very complicated... ;-)
- Autoload from a web page?, Lennart Borgman, 2009/12/25
- Re: Autoload from a web page?, Richard Stallman, 2009/12/26
- Re: Autoload from a web page?, Lennart Borgman, 2009/12/26
- Re: Autoload from a web page?, joakim, 2009/12/28
- Re: Autoload from a web page?, Lennart Borgman, 2009/12/28
- Re: Autoload from a web page?, Tom Tromey, 2009/12/28
- Re: Autoload from a web page?, Lennart Borgman, 2009/12/29
- Re: Autoload from a web page?, Richard Stallman, 2009/12/30
- Re: Autoload from a web page?, Jonas Bernoulli, 2009/12/30
- Re: Autoload from a web page?, Stefan Monnier, 2009/12/30
- Re: Autoload from a web page?, Jonas Bernoulli, 2009/12/30
- Re: Autoload from a web page?, Phil Hagelberg, 2009/12/31
- Re: Autoload from a web page?, Ted Zlatanov, 2009/12/29