[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The `risky-local-variable' blacklist
From: |
Richard Stallman |
Subject: |
Re: The `risky-local-variable' blacklist |
Date: |
Tue, 31 Aug 2004 18:07:03 -0400 |
The problem with the change you've proposed is that we'd have to go
through and find check nearly all the variables in Emacs, and mark
most of them as ok to change. That is a lot of work.
The default is already no for the kinds of variable names
that are typically used for dangerous variables, those that
hold commands, function names, expressions, etc. Given that
Emacs users don't regularly get files in the mail and give
their local variables a chance to run, I don't think we have
enough of a danger to justify all that work.
* Do not make `compile-command' safe;
This is a commonly used feature. Simply eliminating it would make
users quite unhappy.
Here's an idea that might do the job and be acceptable. Each time
Emacs sees a variable/value combination that is new for the current
user, it asks the user to confirm that combination. Any given
combination only needs to be confirmed once by any given user. This
could reduce the repetitive nuisance down to the point where people
will (1) accept the burden and (2) not zone out when they see the
questions.
What do you think?
Also, the protection versus honoring `eval' settings when root does little
good since it does not apply in other cases; anyone interested in rooting
via Emacs surely knows this.
Sorry, I do not follow you here.
* Do not use `enable-local-eval' as a local flag to prevent dangerous bugs
in its handling;
Why not?