|
From: | Dmitry Gutov |
Subject: | Re: Maintainers and contributors |
Date: | Thu, 22 Oct 2015 22:08:12 +0300 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Thunderbird/42.0 |
On 10/22/2015 09:27 PM, John Wiegley wrote:
As it stands, the falling out with Taylan was not entirely technical. I've spoken to Taylan on IRC, and he is actually a very reasonable fellow. Mainly, there was a difference between his desire, and his position, that we missed:
He indeed gives that impression, most of the time.
Desire: Avoid security vulnerabilities in his code.
That desire itself ("in his code" vs "in Emacs") doesn't make much sense, because you cannot use his code without using Emacs. And Emacs uses shell-quote-argument in many places. If that function is vulnerable, you're most likely screwed anyway.
Position: `shell-quote-argument' violates this desire, and should not be used. Since emacs-devel probably can't fix `shell-quote-argument' today, rewrite it until it is fixed. Had the discussion been about this desire, we could have talked about whether he should bother worrying about security in the context of Emacs, since we generally don't put much focus there. Eli did start to mention this, but I think it was lost in the storm, or seen as a dodge.
This point and others have been made. Like Eli said in another email, some people just can't accept different views.
[Prev in Thread] | Current Thread | [Next in Thread] |