Jean Louis writes:

> * Dr. Arne Babenhauserheide [2022-10-28 01:11]:
>>
>> Max Nikulin writes:
>>
>> > How are you going to distinguish your personal files and arbitrary
>> > files from non-trusted sources? By signing your files and maintaining
>> > list of trusted certificates?
>>
>> One idea that could work well is to add an explicit allow-list
>> trusted-sources-to-allow-unsafe-modes with entries of domain and
>> path-prefix where people can add trusted sources.
>
> That implies that for every content type you are supposed to do the
> same.

No, you misunderstood the proposal.

> And what makes you want to limit people how they want to run their Org
> files?

The wish to limit the fallout when¹ this gets weaponized by criminals.

If you explicitly allow-list trusted sources, bad actors have to take
over your trusted server to attack you. That’s much less likely than bad
actors taking over some random long-unmaintained server of a link you
stumbled upon.

¹: when, not if.

Best wishes,
Arne
-- 
Being apolitical means being political without noticing it.
draketo.de
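One way the domain and path-prefix allow-list check proposed in this message could be written, as an added example in Python that is not part of the original e-mail or of Org mode's code. The names `TRUSTED_SOURCES` and `is_trusted_source`, the https-only rule and the sample hosts are assumptions of the example.

```python
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed allow-list entries: (domain, path-prefix), as in the proposal.
TRUSTED_SOURCES = [
    ("example.org", "/org/trusted/"),
    ("files.example.net", "/"),
]


def is_trusted_source(url, allow_list=TRUSTED_SOURCES):
    """Return True only if url is under an allow-listed domain and path-prefix."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False  # unparsable URL: fail closed
    # Assumption of this example: only authenticated transport is eligible.
    if parts.scheme != "https":
        return False
    # "https://example.org@evil.test/..." has host evil.test; reject userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    raw = unquote(parts.path)
    # Leftover "%" means double encoding; backslash and NUL are never needed.
    if not raw.startswith("/") or any(c in raw for c in "%\\\0"):
        return False
    # Resolve "." and ".." before comparing, so "/org/trusted/../x" is "/org/x".
    path = "/" + normpath(raw).lstrip("/")
    for domain, prefix in allow_list:
        # Force a trailing "/" so "/org/trusted" cannot match "/org/trusted-evil".
        prefix = prefix.rstrip("/") + "/"
        # Exact host match: "example.org.evil.test" is not "example.org".
        if host == domain.lower() and path.startswith(prefix):
            return True
    return False
```

The check fails closed: anything it cannot parse or normalize unambiguously is treated as untrusted, so unsafe modes stay off by default.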