From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id qPi0BBVnWmOqJQAAbAwnHQ (envelope-from ) for ; Thu, 27 Oct 2022 13:10:13 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id UPeMAxVnWmNGgQEAG6o9tA (envelope-from ) for ; Thu, 27 Oct 2022 13:10:13 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7AFCE2E3C3 for ; Thu, 27 Oct 2022 13:10:12 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oo0jI-0001OX-TZ; Thu, 27 Oct 2022 07:07:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oo0jG-000191-Ua for emacs-orgmode@gnu.org; Thu, 27 Oct 2022 07:07:19 -0400 Received: from mout.web.de ([212.227.15.4]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oo0jD-0006oA-TE for emacs-orgmode@gnu.org; Thu, 27 Oct 2022 07:07:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=s29768273; t=1666868833; bh=XuwIJQFDKhT0TH8W/GhLJ1TWdhH3Zpf8uB2lYZgQVcE=; h=X-UI-Sender-Class:References:From:To:Cc:Subject:Date:In-reply-to; b=kdykJYVrdfnoS/STC/zYgt9agMz6XA1jb4UMwLc1f7j3fV2neRddSx3t0C5ub3W5X rCMxEmxolePdKw9Zcpwj3M0AWyp8Jt+A1eim8anyHo6ZtA9GbWiZgGBIChv755eb0I UwSQOPtwGcdh4ViTIQPLpt/ffrVU/BRIl3TUwy2S/VPqOolaDk/FNdmVB8+OquLpZe yWb3rXIrm/OAhVOHouV9LXhzva2JE9wBFtvCdSGAGngk213/GaYlHuJGQs7t/b/Cdc cThEiJUzt71OJmFlH/yjxFqF2zMxfkO0Kv9yhjJFvWgYOsYt4yGg1xF0roSc0sdoZo H5W7tHnopcETg== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from fluss ([84.165.20.127]) by smtp.web.de (mrweb005 [213.165.67.108]) with ESMTPSA (Nemesis) id 1MJFhX-1oTsLb3jqN-00KfKx; Thu, 27 Oct 2022 13:07:12 +0200 References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87bkq0t03l.fsf@web.de> <87v8o7qzff.fsf@localhost> <87zgdjoz3r.fsf@localhost> <87eduusst7.fsf@web.de> <86y1t2ky60.fsf@gmail.com> User-agent: mu4e 1.8.9; emacs 28.1 From: "Dr. Arne Babenhauserheide" To: Tim Cross Cc: emacs-orgmode@gnu.org Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Date: Thu, 27 Oct 2022 12:43:36 +0200 In-reply-to: <86y1t2ky60.fsf@gmail.com> Message-ID: <875yg5r0dg.fsf@web.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Provags-ID: V03:K1:iIftw9CvcdWW+IujlhIJKsEzmAfo0OKqQj46WLA9UsmC3gPJ6jv mJCTsEwrfsZkh/7UCm1Qdx9SIALIHHtRRJ1bWLmvmXP2rbBFPqPOTIwCSI1+TTg6J9A6um4 +wVxPK5XP7yQG/0OqSCHtXkFfbm9T2MVdqduuERG0y9OWHKQmbGIOiOwoNGPhm5PoO5pWKR 03kpgp1TtGbBZ9cYT/0JA== UI-OutboundReport: notjunk:1;M01:P0:Z16ZrkpSon8=;KYUmZa9BIFfoFcaEFOsvDnd6rWD hzXfxvOQkPPiKtLhyZmoROVlK89dbEOZLLaFLtYede+M1sD+BL8rIUsk+xafmkNZd6CjJxQoS 0Kb59panShZjoltUgEUmhE+QQM5ytYwmdNscoQHyM9usnKKsiaa6gagr7NrvEt5oKTQX6mCVW vht8zRgYuIkndy8xGgK8Eio5fncjtYq2sLRKEOsSgmk/r3d4aJ7x6KIvzfSFEX7iOvFNGOxQD WwlE+KY9FHQoammI71fANfNJYzdNK3ce1ZVUyoJdD6nRmynnHjMADqQDimq4fR8scdrCLwCWI XDlJOA9FcgKVBYaQErg8ue0mX67Z17fOsHnpgllMvuyCdGZGIcb51WLw5SBu3JOlR7o266oYz 87t8Vsmb4PJwlYTlA69J4QC+92ITx1//qSqeNiUmqqSfPJ0gsU5TSnTjnGXOe4WXpwWzw+BCK EXk+0wRKyGmRuPuC1u8zdQpAhvA1E6Pup+FTs0Sirrx67xX3OyaiM/yewG18FJFoKc8L16o9u 1If432gGmSSmlQvCI/cZX3macsCoqX3kILXsocNC7dyahhMByAuXIyHIJtFv52rUqa9v+/JPp fEQfT/ScCuMU/cv8xqdCIG68VlzwZJLgSnsvh0LRqw50ZBCqz0pRjWGwyRayPkbKJkE89je1N rwZq9W/uO7iHvYVdzcHxx3Buy/zLkwXpj6/RJCvj2wsnPGPCFUITMrCO9VR7ru02+hQFKPh8z Fx+qr57DQDFm2BxlXZvnw2hjPHSgE+vQgo3UepqA5di1yV4DUyRQYjqqhkrBP61CWsKh94fdH NlODDeONLASzadRo4WLzta5joWGnPyJHc1zV62pVQ1/K4tNug7dCSe+fjvE1xNFCYZU+Qyh9i e8Jg/TUbghxiS5JaFsIbx1qq13ACwq/bzaMCoeXEArOaKGYXazJiJbAxzoZc8Hz8ITeODQZ9F 7Oh5tgtnvoz0kDorVzJvFzx4TZ4= Received-SPF: pass client-ip=212.227.15.4; envelope-from=arne_bab@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Emacs-orgmode" Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1666869012; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=XuwIJQFDKhT0TH8W/GhLJ1TWdhH3Zpf8uB2lYZgQVcE=; b=adyuHcW5FWbjceP0gTJvXrxEFzh3Kd8PCCddP90M0q4q2FC+5yag/RZUfUkT1cB2KohVwZ frT9XtMrTQ05PKJI4U4MxI2bNN1m0Olv6e6xwMs6nme5Rf1wRBRkRBA85Tnoa+miBUxJj5 CQd6x5475Gr7yhNX1eapghDh1raEBnRwzxbQz8g7+aj9q6eBU0uxNZYphfnN3M5al9A/o+ oLXINC7N/Bmp/ae61iYbsdkbxlO4MOaLC6ev87ylgq8O3MFQmEvk+fzh1V/3TIqECK90z7 CDe34EvdwGqLSyS5prjxL5yXyWQuaScH7J4+Nn5bmBZHPHvJgz/S+oJnbFXIrg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1666869012; a=rsa-sha256; cv=none; b=ZktathTbDDKwrEBcJXtBZ8POl2N5b0JPWXZvYeXhPMyFzNJw/4IFc89a2Uni2a5uS40exV c4CZNjiHnQ0VvczV9u7vrsfqfwb0HhQGxSpgkGKwp4R/bhQ1TOAR7frhNNY1H8lgBtHr/4 yNvixIc6l0v4AtlhdLffkqpTcBE7xDRk92nwkFgoWekTdx76Dnwvd8a+tHQMIV6T0nQWoZ WX5Gnw7maYVW/yWh08EHf6PE/iOwKQKGLY4cZbriV/NHI6RyGPzpFHMJIudJ+Imp4fmby6 3kAkYuVInzZXD+nJwZnxuUgoersH7lEzM1Ko2HY8x2vuyBpToIcIZ55b/kaq3g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=web.de header.s=s29768273 header.b=kdykJYVr; dmarc=pass (policy=none) header.from=web.de; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -7.12 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=web.de header.s=s29768273 header.b=kdykJYVr; dmarc=pass (policy=none) header.from=web.de; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 7AFCE2E3C3 X-Spam-Score: -7.12 X-Migadu-Scanner: scn0.migadu.com X-TUID: umS5hQaasDVA --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Tim Cross writes: > and people constantly use M-x package-install to install packages > from GNU ELPA, nonGNU ELPA and MELPA, often with this misguided belief > that these packages are being vetted by the security fairies.=20 Yes, and no. There is still a world of a difference between "any random website can attack me when I just navigate there" and "installing a package may not be safe". This is a false whatabout: That packages are not safe does not mean that attacks by any random website aren=E2=80=99t much *more* dangerous. > While adding the sorts of controls you outline is not a bad idea, I > think it is far more important to train people to accept that their > system simply is not secure. This treats security as a boolean. It is not. The chance and impact of a breach matter a lot, and any random website being able to exploit a weakness in org-mode incleases the chance and impact a lot. That Emacs is not perfect does not mean that it doesn=E2=80=99t matter if we make it worse. > You should start from the position that > Emacs is not secure. Why? Because it is a large, complex and powerful > piece of software which has no formal security analysis or testing and > is usually augmented with numerous packages of unknown quality from > largely unknown sources. Essentially, Emacs already suffers from all the > same issues identified for systems like node and the NPM ecosystem.=20 Yes. We should avoid adding *one more* issue that is actually worse than the others. And yes, we should rather reduce the number of packages we rely on. I=E2=80= =99ve done that multiple times in the past. > The only think which is really providing protection for us Emacs users > is that the rewards for compromising Emacs are too low for the effort > required. Similar to why you don't see many viruses on macOS - it isn't > that it is significantly more secure than Windows (these days), but > rather the pool of potential 'targets' and scale of rewards are higher > when you focus on the Windows environment. It is all about return on inve= stment. This is no longer true about macOS. It has grown to be a large target, but it still is hard to crack. Windows became safer by starting to add safeguards (like asking the user for admin rights before doing admin stuff =E2=80=94 essentially sudo) and t= aking security seriously. > update after formal review and testing of updated version, don't use > Emacs for email or web browsing, only run emacs in an isolated locked The point here is: Without auto-switching to org-mode, using emacs for web browsing is likely reasonably safe. Adding this as default would remove that. > Even if you decide your risks are low, you may still decide to not use > Emacs for some purposes. For example, you might decide not to use Emacs > for password management or not use Emacs packages which require you to > keep sensitive data (toekns, passwords, API keys etc) using insecure > mechanisms etc. You describe that whenever we do not care about security for some mechanism, this removes this part of Emacs from the features people with some security needs can use. It breaks the integration of Emacs =E2=80=94 which is one of its biggest strengths =E2=80=94 if we have to say =E2=80=9Cfor convenience we enabled o= pening any web document automatically in org-mode, so if you think that unsafe, don=E2=80=99t browse the web with Emacs *anymore*=E2=80=9D. As secure as we can should be the default, not "change these random configuration settings and avoid those features to get some security". Best wishes, Arne =2D-=20 Unpolitisch sein hei=C3=9Ft politisch sein, ohne es zu merken. draketo.de --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAmNaZl8QHGFybmVfYmFi QHdlYi5kZQAKCRAT741FJAPD66uRD/0Tw5iesx7Xzt+ZTwUuwN9TkixWxCxzrqEo 5XZRWnbF1vpU2i4WH9eF287ZGbOJnza8zoDY8NW19Fe/8+h1Vs70zLWJj7HFq02u b9iTfvsPPCCx3MIUtJ48ObVzwY00CO0xFwhyccvzO92OWS5oi1+ei8S0+Iscd7GW 7rJcmlWPWet+WcJqQ9ueJ5dFhec+cEomSVvjO/pO8izZs7FOL/FzM7GjVuRI7pJJ vC6WknBJtNaQtLN95BrIao+XVT4MJem4SPoAgcwRO/mUDGNPBLd3X6MSZZ1fRhm5 VCBhpGULNF6+Qm1jwHlDfpCwwba8/xn77woNzTPrZMjP2F2iFSH8QoydXhy2mglW VbbFY7IYO8SvJ/Nk1kTKDh/efPIdLPd5PiEPKcWxr0d3OMphNDfJlOWgjSztGzHF QOezVbkk0BB2sBGW1I86z0qEWwjRAbLPdDDC0praNA2TtnUKIiAdVh53YQLavhwz T09vkVpjqfVX3PGHYXsjjtkFWixmq/KNvCM1ivKAyaU0oGxVdXSH1WDzBxtCjqYw i76ft4kAipuFCQNwWAr4CaYVCiRPirojLA4XwXBXiD0AqXNSpi9eX0rP8AD/jFbc jYXyPb6Eiu3QA1qI/AlBhbqeT3dWOnrMqmeTI+p7u4PjqYG3+KnWjzDkn20RBtC2 NKkUeFCAhIjEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAmNaZl8QHGFy bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSG6iA/9biKTf2EfuV0FJmLAQP4NxxBZo vTQ41GIdCsjHyzHjYsut9GzsutgEEW8F1UVlkK/TY3jNMl2q0U8vAMgf8OpxUgHF yJeBe849mq9uU5MAp/1HAR02y4B8X2ltp0g2P+UmUFZ1a/9xa7EgZp2pewj/bjCu /IHx9ilD4+dh5TIY+Q== =0pml -----END PGP SIGNATURE----- --=-=-=--