emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files cor

From: indieterminacy
Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Wed, 26 Oct 2022 23:56:31 +0200 
On 26-10-2022 20:37, Jean Louis wrote:


I do not have special opinion of "publishing Org files" for unknown
people, if such people are not member of the group. That would require
training them to know what is Org mode, and finally why? Emacs is poor
general browser tool.

Greatest benefit of Org files being served and properly parsed by
Emacs by using HTTP is personal and group based. It is not mainly for
public use.

But one could think of it being analogous to Gemini.

https://gemini.circumlunar.space/

Public who does not use Emacs will not be interested in such.

They may download Org files and open it from file system. Same
insecurity exists by downloading them and opening them.
Just typical that Id raise Gemini just as you bring it up yourself (so many mails to sift through) :) 


Sometimes Org developer and maintainers do not have enough resources
to react to security-related reports. An issue not so dangerous in
the current state becomes really weird if Org mode becomes a default
handler for files fetched from net.


Your interpretation is improper, as you mentioned "default handler for
files fetched from net" -- and I was very specific, for text/x-org
content type that EWW get possibility to invoke org mode on such
files.

Quite logical. Emacs, Org mode and EWW, those shall work together. I
am surprised that it does not.

At least Russian Nginx WWW server supports me as user to configure it
so to serve Org files as text/x-org.

Though personally I have already found buggy solution with Emacs Lisp
modification to eww render function. I must improve it.
It is worth emphasizing that Gemini is conventionally designed to serve and receive files in isolation and that browsers are not expected to do anything beyond recognising the simple types of lines.
As such ceteris paribus Id like to thing that it should operate to minimise threats of vulnerabilities such as spreadsheets being used to interact with banking services.
Besides, the size and range of Gemini browsers and clients met with the size of these tools - combined with the acutal size of the Gemini community (let alone their competence grade) would make it a low priority for troublemakers to prioritise. 

--
Jonathan McHugh
indieterminacy@libre.brussels
reply via email to
[Prev in Thread] Current Thread [Next in Thread]