emacs-orgmode

Re: One vs many directories


From: Jean Louis
Subject: Re: One vs many directories
Date: Wed, 25 Nov 2020 07:54:53 +0300
User-agent: Mutt/2.0 (3d08634) (2020-11-07)

* Tim Cross <theophilusx@gmail.com> [2020-11-24 23:40]:
> > Thus it is only a security issue if you permanently accept that eval
> > file local variable and then open random org files that use it with a
> > malicious startup block. An eval file local variable like that which
> > blindly executes an org babel block should never be permanently
> > accepted
> >
> 
> Quite right Tom.
> 
> If people are really concerned about security, they should look first at
> their use of repositories like MELPA. There is no formal review or
> analysis of packages in these repositories, yet people will happily
> select some package and install it.

That is analogous to enabling local variables because user has been
asked. Popping up a window with question is often a dialogue that
users are asked in other software. Dialogues are often not read, just
as I was not reading it for years and I did click YES many times.

Using such variables is unsafe and the default should be not to
execute it without any question. Only when user enables local
variables then user should be asked to execute it. That would mean
that aware user knows why that is needed. Such will be able to answer
questions YES or NO.

Unaware users must answer something. To be aware one has to know Emacs
Lisp and deeper functions of Emacs.  In beginning years it was just
fine to assume so due to general computing interests and people being
interested in every detail, today there are even more users of Emacs
who will not know what is going on.

I do not know about you, but when computer asks me anything YES or NO,
my tendency is to answer YES regardless if I have read it or not. This
same tendency may be with thousands of other users.

If I have invoked something on computer and I get asked anything, I
have tendency to approve whatever comes on me as I approved it by
invoking some action. Not that I am doing it every time yet I have the
tendency of doing it.

Observing users who are asked questions upon invocation of other
software I can say that many times users just click one of the
options, either YES or NO, but without real regard to the
meanings. The purpose to click either YES or NO is to continue one
step forward and randomity decides later what happens.




