From: "Dr. Arne Babenhauserheide" <arne_bab@web.de>
To: Tim Cross <theophilusx@gmail.com>
Cc: emacs-orgmode@gnu.org
Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Thu, 27 Oct 2022 12:43:36 +0200 [thread overview]
Message-ID: <875yg5r0dg.fsf@web.de> (raw)
In-Reply-To: <86y1t2ky60.fsf@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3689 bytes --]
Tim Cross <theophilusx@gmail.com> writes:
> and people constantly use M-x package-install to install packages
> from GNU ELPA, nonGNU ELPA and MELPA, often with this misguided belief
> that these packages are being vetted by the security fairies.
Yes, and no. There is still a world of a difference between "any random
website can attack me when I just navigate there" and "installing a
package may not be safe".
This is a false whatabout: That packages are not safe does not mean that
attacks by any random website aren’t much *more* dangerous.
> While adding the sorts of controls you outline is not a bad idea, I
> think it is far more important to train people to accept that their
> system simply is not secure.
This treats security as a boolean. It is not. The chance and impact of a
breach matter a lot, and any random website being able to exploit a
weakness in org-mode incleases the chance and impact a lot.
That Emacs is not perfect does not mean that it doesn’t matter if we
make it worse.
> You should start from the position that
> Emacs is not secure. Why? Because it is a large, complex and powerful
> piece of software which has no formal security analysis or testing and
> is usually augmented with numerous packages of unknown quality from
> largely unknown sources. Essentially, Emacs already suffers from all the
> same issues identified for systems like node and the NPM ecosystem.
Yes. We should avoid adding *one more* issue that is actually worse than
the others.
And yes, we should rather reduce the number of packages we rely on. I’ve
done that multiple times in the past.
> The only think which is really providing protection for us Emacs users
> is that the rewards for compromising Emacs are too low for the effort
> required. Similar to why you don't see many viruses on macOS - it isn't
> that it is significantly more secure than Windows (these days), but
> rather the pool of potential 'targets' and scale of rewards are higher
> when you focus on the Windows environment. It is all about return on investment.
This is no longer true about macOS. It has grown to be a large target,
but it still is hard to crack.
Windows became safer by starting to add safeguards (like asking the user
for admin rights before doing admin stuff — essentially sudo) and taking
security seriously.
> update after formal review and testing of updated version, don't use
> Emacs for email or web browsing, only run emacs in an isolated locked
The point here is: Without auto-switching to org-mode, using emacs for
web browsing is likely reasonably safe. Adding this as default would
remove that.
> Even if you decide your risks are low, you may still decide to not use
> Emacs for some purposes. For example, you might decide not to use Emacs
> for password management or not use Emacs packages which require you to
> keep sensitive data (toekns, passwords, API keys etc) using insecure
> mechanisms etc.
You describe that whenever we do not care about security for some
mechanism, this removes this part of Emacs from the features people with
some security needs can use.
It breaks the integration of Emacs — which is one of its biggest
strengths — if we have to say “for convenience we enabled opening any
web document automatically in org-mode, so if you think that unsafe,
don’t browse the web with Emacs *anymore*”.
As secure as we can should be the default, not "change these random
configuration settings and avoid those features to get some security".
Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 1125 bytes --]
next prev parent reply other threads:[~2022-10-27 11:10 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis
2022-10-25 15:02 ` Dr. Arne Babenhauserheide
2022-10-25 19:56 ` Jean Louis
2022-10-25 21:54 ` Dr. Arne Babenhauserheide
2022-10-26 7:57 ` Jean Louis
2022-10-26 11:55 ` Dr. Arne Babenhauserheide
2022-10-26 12:20 ` Jean Louis
2022-10-26 12:45 ` Andreas Schwab
2022-10-26 13:19 ` bug#58774: " Jean Louis
2022-10-26 13:55 ` Andreas Schwab
2022-10-26 17:36 ` Jean Louis
2022-10-27 7:58 ` Andreas Schwab
2022-10-27 8:40 ` Jean Louis
2022-10-27 11:22 ` Andreas Schwab
2022-10-27 11:23 ` Dr. Arne Babenhauserheide
2022-10-26 7:59 ` Jean Louis
2022-10-25 23:03 ` Ihor Radchenko
2022-10-26 6:07 ` bug#58774: " Stefan Kangas
2022-10-26 6:52 ` Ihor Radchenko
2022-10-26 8:24 ` Jean Louis
2022-10-26 20:22 ` indieterminacy
2022-10-26 11:30 ` Dr. Arne Babenhauserheide
2022-10-26 21:41 ` Tim Cross
2022-10-27 10:43 ` Dr. Arne Babenhauserheide [this message]
2022-10-26 13:15 ` Stefan Kangas
2022-10-26 8:21 ` Jean Louis
2022-10-26 17:07 ` Max Nikulin
2022-10-26 18:37 ` Jean Louis
2022-10-26 21:16 ` Dr. Arne Babenhauserheide
2022-10-27 4:25 ` tomas
2022-10-27 11:10 ` Dr. Arne Babenhauserheide
2022-10-26 21:56 ` indieterminacy
2022-10-26 20:00 ` Tim Cross
2022-10-25 22:13 ` Ag Ibragimov
2022-10-26 8:28 ` Jean Louis
2022-10-26 13:00 ` Rudolf Adamkovič
2022-10-26 13:42 ` bug#58774: " Jean Louis
2022-10-27 4:55 ` Jean Louis
2022-10-27 11:13 ` Dr. Arne Babenhauserheide
2022-10-27 17:41 ` Jean Louis
2022-10-27 21:43 ` Dr. Arne Babenhauserheide
2022-10-27 15:35 ` bug#58774: " Max Nikulin
2022-10-27 17:58 ` Jean Louis
2022-10-27 21:49 ` Dr. Arne Babenhauserheide
2022-10-27 18:25 ` Jean Louis
2022-10-27 19:53 ` Quiliro Ordóñez
2022-10-27 19:58 ` Quiliro Ordóñez
2022-10-27 21:57 ` Dr. Arne Babenhauserheide
2022-10-27 22:18 ` Jean Louis
2022-10-27 23:14 ` Dr. Arne Babenhauserheide
2022-10-27 23:20 ` Ihor Radchenko
2022-10-28 8:28 ` Dr. Arne Babenhauserheide
2022-11-02 4:09 ` Ihor Radchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875yg5r0dg.fsf@web.de \
--to=arne_bab@web.de \
--cc=emacs-orgmode@gnu.org \
--cc=theophilusx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).