From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8JCMKeWtWWNQxgAAbAwnHQ (envelope-from ) for ; Thu, 27 Oct 2022 00:00:05 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id eFCgKOWtWWPZuwAAG6o9tA (envelope-from ) for ; Thu, 27 Oct 2022 00:00:05 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5E6973DDBD for ; Thu, 27 Oct 2022 00:00:05 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1onoOC-0003QS-IX; Wed, 26 Oct 2022 17:56:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1onoO4-0003B2-PP for emacs-orgmode@gnu.org; Wed, 26 Oct 2022 17:56:36 -0400 Received: from libre.brussels ([144.76.234.112]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1onoO2-00015R-GS for emacs-orgmode@gnu.org; Wed, 26 Oct 2022 17:56:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=libre.brussels; s=mail; t=1666821391; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=poXQm1LtcweBhBuyo4DGtuT35nYgR+0P1LIbPZcve94=; b=fnwWgjbG7RWE7bsrr4d8RlfB209nPVUP/dmLoigaZVXm7TYjJIRgil5cvvZN+TUdIeIXOQ ITuNqQ4QGobCkjhgFwVs4+LW9fI/2Q9LYXGfk6WSUab+u0f37Tpv0cDkiJl1DXzn6IATYl az25+eJYMfFbmOA0cx6Rrc+Giej09UI= MIME-Version: 1.0 Date: Wed, 26 Oct 2022 23:56:31 +0200 From: indieterminacy To: Max Nikulin , Stefan Kangas , 58774@debbugs.gnu.org, emacs-orgmode@gnu.org Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly In-Reply-To: References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87bkq0t03l.fsf@web.de> <87v8o7qzff.fsf@localhost> Message-ID: <6134bfe5e5d0b971035406385af683e8@libre.brussels> X-Sender: indieterminacy@libre.brussels Organization: Icebreaker Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=144.76.234.112; envelope-from=indieterminacy@libre.brussels; helo=libre.brussels X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Emacs-orgmode" Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1666821605; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=poXQm1LtcweBhBuyo4DGtuT35nYgR+0P1LIbPZcve94=; b=RLzD9RXtyrzq7bg1ai+J2EWEytXr9OuYh1Y7UyJc2rNUaKkm0RL741cqpSlMLZvDs/HcQy TgNeMhom4OqQQOoN14SPV9K5T/wxjZs/B09GUD3XCCGb7uxJfSiYvpYaRFAIo7kVe4gpO7 XoqFW68JgQ2NzUfiAVPgbnJPv1q1UlUASw2fGPxuzmff0ORr9JtEv43Q5iPZtBr3/IgXml m5qxWACBc6/YThuAjg6vVpqYpx7uohe0uDmVn30EXQ/+qg2sJN6VGe2vK1xuMOWtruaSYX 6P6FxxsZWGCvmGw9QQSYOivzQNY+xFm8nYuDnge0mhX++c6KeY1c7+u+rRjuQQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1666821605; a=rsa-sha256; cv=none; b=jwcduVp2qar+FpXdCqE50kypWqkzl7zj6p06KfczD4Gcl+AgRo9SxLc0qBw9WavR3ql31H Fl8dviCuVk7PgZOKAKbxc/kOHGABRv7HwVIVYAcGUKcZhbRVH/oE+A7/SR/4/yRVspM16z Q2JxNDOgsrmp1Edxml1WUwb5nR9ULM1gWrlzHc8ct0TIlxBVlbD3zOlR4HrSMb+gNElxBU F2qhIU8Wp0QQVtaxmrkNB+NaBfTglP1CIfOyXAHDWRLUXGtB5/FoPMpVOghun+WsfFrfwx bhOprC+dyJHs51mM2SGCFyp0QiBkjJssGxJDLmPntP8X3TUqrLeXE6VtChe7bw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=libre.brussels header.s=mail header.b=fnwWgjbG; dmarc=pass (policy=none) header.from=libre.brussels; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.42 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=libre.brussels header.s=mail header.b=fnwWgjbG; dmarc=pass (policy=none) header.from=libre.brussels; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 5E6973DDBD X-Spam-Score: -2.42 X-Migadu-Scanner: scn1.migadu.com X-TUID: rVApSYGmNJ1R On 26-10-2022 20:37, Jean Louis wrote: > > I do not have special opinion of "publishing Org files" for unknown > people, if such people are not member of the group. That would require > training them to know what is Org mode, and finally why? Emacs is poor > general browser tool. > > Greatest benefit of Org files being served and properly parsed by > Emacs by using HTTP is personal and group based. It is not mainly for > public use. > > But one could think of it being analogous to Gemini. > > https://gemini.circumlunar.space/ > > Public who does not use Emacs will not be interested in such. > > They may download Org files and open it from file system. Same > insecurity exists by downloading them and opening them. > Just typical that Id raise Gemini just as you bring it up yourself (so many mails to sift through) :) >> Sometimes Org developer and maintainers do not have enough resources >> to react to security-related reports. An issue not so dangerous in >> the current state becomes really weird if Org mode becomes a default >> handler for files fetched from net. > > Your interpretation is improper, as you mentioned "default handler for > files fetched from net" -- and I was very specific, for text/x-org > content type that EWW get possibility to invoke org mode on such > files. > > Quite logical. Emacs, Org mode and EWW, those shall work together. I > am surprised that it does not. > > At least Russian Nginx WWW server supports me as user to configure it > so to serve Org files as text/x-org. > > Though personally I have already found buggy solution with Emacs Lisp > modification to eww render function. I must improve it. > It is worth emphasizing that Gemini is conventionally designed to serve and receive files in isolation and that browsers are not expected to do anything beyond recognising the simple types of lines. As such ceteris paribus Id like to thing that it should operate to minimise threats of vulnerabilities such as spreadsheets being used to interact with banking services. Besides, the size and range of Gemini browsers and clients met with the size of these tools - combined with the acutal size of the Gemini community (let alone their competence grade) would make it a low priority for troublemakers to prioritise. -- Jonathan McHugh indieterminacy@libre.brussels