
Re: Security flaw in EDE; new release plans


From: Daniel Colascione
Subject: Re: Security flaw in EDE; new release plans
Date: Sun, 08 Jan 2012 23:26:19 -0800
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 1/8/12 11:06 PM, Chong Yidong wrote:
> Daniel Colascione <address@hidden> writes:
> 
>> I never got around to committing the patch below to the emacs-23
>> branch. Would it be okay to add it before the 23.4 release?
>>
>> + (put 'lexical-binding 'safe-local-variable t)
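
Review bot: the property value `t` on the added line is not a one-argument predicate, which is the documented form of the `safe-local-variable` property. A predicate such as `(put 'lexical-binding 'safe-local-variable 'booleanp)` would state exactly which values are accepted (only `t` and `nil`). A short comment noting that the variable is marked safe only so that visiting Emacs 24 files does not prompt would also help later readers of the emacs-23 branch.
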
> 
> What's the rationale?  If Emacs 23 users try to load Lisp libraries that
> use lexical binding, that will tend to lead to bugs, so why make it
> *easier* for that to happen?

My proposed patch makes it painless to edit Emacs 24 lisp using Emacs
23. A user might want to read or backport Emacs 24 lisp files, and
because it's possible to write lisp that works correctly whether
lexical-binding is on or off, a user might even legitimately want to
load these files.

The warning about the lexical-binding variable appears only when a
user tries to edit a file with lexical-binding. If an Emacs 23 user
tries to load or compile such a file, he won't receive a warning. If
we want to guard against loading a file in an Emacs without support
for lexical-binding, an (assert (boundp 'lexical-binding)) at toplevel
should do the trick; a more general solution would be to add code to
the Emacs 23 lisp reader or byte compiler to reject files that specify
lexical-binding.

As far as editing itself is concerned, though, lexical-binding is
indeed a harmless variable in Emacs 23: inert, sure, but harmless.

Attachment: signature.asc
Description: OpenPGP digital signature

