From: Jean Louis <bugs@gnu.support>
To: Max Nikulin <manikulin@gmail.com>
Cc: 58774@debbugs.gnu.org, Org Mode List <emacs-orgmode@gnu.org>
Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Thu, 27 Oct 2022 20:58:21 +0300 [thread overview]
Message-ID: <Y1rGvZCTRwUDtNoG@protected.localdomain> (raw)
In-Reply-To: <d8bead8c-f97d-1de5-ae06-df81fefb7389@gmail.com>
* Max Nikulin <manikulin@gmail.com> [2022-10-27 18:40]:
> On 27/10/2022 11:55, Jean Louis wrote:
> >
> > Now is clear that main problem here is that Org advertises somewhere
> > to be "text" in MIME context, while it is not, it is by default
> > "application" and thus unsafe, see:
> ...
> > Text Media Types
> > https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1
>
> I do not see any problem or any difference what MIME type you are going to
> associate with Org mode. I agree with Arne that text/... type is more
> appropriate for a format readable as text. I do not see any contradictions
> with that RFC.
You were the one speaking and reporting that Org executes Emacs Lisp.
And now you imply that it is safe to open it because it is text? 👀
If Org or any file implies possible execution when loaded, and Org
implies it, it is not any more "text/*" MIME type.
From:
https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.5
> 4.2.5. Application Media Types
> The "application" top-level type is to be used for discrete data that
> do not fit under any of the other type names, and particularly for
> data to be processed by some type of application program. This is
> information that must be processed by an application before it is
> viewable or usable by a user.
That is exactly the case with Org. Of course, one could minimize org
file to empty string, and say this is Org file and there is no
execution necessary, so it is "text".
Otherwise information must be processed by application which is
clearly the Org package before it is viewable or usable by a user.
> Expected uses for the "application" type name include but are not
> limited to file transfer, spreadsheets, presentations, scheduling
> data, and languages for "active" (computational) material.
✔️ YES, we have spreadsheets in Org which results may be viewable only
after computed.
✔️ YES, we have scheduling data, which is viewable only in Org agenda
or by using computations.
✔️ YES, we have languages for active computational material.
> (The last, in particular, can pose security problems that must be
> understood by implementors. The "application/postscript" media type
> registration in [RFC2046] provides a good example of how to handle
> these issues.)
> For example, a meeting scheduler might define a standard
> representation for information about proposed meeting dates.
✔️ YES, we have that functionality in Org.
> An intelligent user agent would use this information to conduct a
> dialog with the user, and might then send additional material based
> on that dialog.
> More generally, there have been several "active" languages developed
> in which programs in a suitably specialized language are transported
> to a remote location and automatically run in the recipient's
> environment. Such applications may be defined as subtypes of the
> "application" top-level type.
✔️ YES, that is exactly what we have in Org mode, as Babel allows
executions of several active languages, and by transferring Org files,
to remote location they may be automatically run in the recipient's
environment.
> The subtype of "application" will often either be the name or include
> part of the name of the application for which the data are intended.
> This does not mean, however, that any application program name may
> simply be used freely as a subtype of "application"; the subtype needs
> to be registered.
--
Jean
Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns
In support of Richard M. Stallman
https://stallmansupport.org/
next prev parent reply other threads:[~2022-10-27 19:28 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis
2022-10-25 15:02 ` Dr. Arne Babenhauserheide
2022-10-25 19:56 ` Jean Louis
2022-10-25 21:54 ` Dr. Arne Babenhauserheide
2022-10-26 7:57 ` Jean Louis
2022-10-26 11:55 ` Dr. Arne Babenhauserheide
2022-10-26 12:20 ` Jean Louis
2022-10-26 12:45 ` Andreas Schwab
2022-10-26 13:19 ` bug#58774: " Jean Louis
2022-10-26 13:55 ` Andreas Schwab
2022-10-26 17:36 ` Jean Louis
2022-10-27 7:58 ` Andreas Schwab
2022-10-27 8:40 ` Jean Louis
2022-10-27 11:22 ` Andreas Schwab
2022-10-27 11:23 ` Dr. Arne Babenhauserheide
2022-10-26 7:59 ` Jean Louis
2022-10-25 23:03 ` Ihor Radchenko
2022-10-26 6:07 ` bug#58774: " Stefan Kangas
2022-10-26 6:52 ` Ihor Radchenko
2022-10-26 8:24 ` Jean Louis
2022-10-26 20:22 ` indieterminacy
2022-10-26 11:30 ` Dr. Arne Babenhauserheide
2022-10-26 21:41 ` Tim Cross
2022-10-27 10:43 ` Dr. Arne Babenhauserheide
2022-10-26 13:15 ` Stefan Kangas
2022-10-26 8:21 ` Jean Louis
2022-10-26 17:07 ` Max Nikulin
2022-10-26 18:37 ` Jean Louis
2022-10-26 21:16 ` Dr. Arne Babenhauserheide
2022-10-27 4:25 ` tomas
2022-10-27 11:10 ` Dr. Arne Babenhauserheide
2022-10-26 21:56 ` indieterminacy
2022-10-26 20:00 ` Tim Cross
2022-10-25 22:13 ` Ag Ibragimov
2022-10-26 8:28 ` Jean Louis
2022-10-26 13:00 ` Rudolf Adamkovič
2022-10-26 13:42 ` bug#58774: " Jean Louis
2022-10-27 4:55 ` Jean Louis
2022-10-27 11:13 ` Dr. Arne Babenhauserheide
2022-10-27 17:41 ` Jean Louis
2022-10-27 21:43 ` Dr. Arne Babenhauserheide
2022-10-27 15:35 ` bug#58774: " Max Nikulin
2022-10-27 17:58 ` Jean Louis [this message]
2022-10-27 21:49 ` Dr. Arne Babenhauserheide
2022-10-27 18:25 ` Jean Louis
2022-10-27 19:53 ` Quiliro Ordóñez
2022-10-27 19:58 ` Quiliro Ordóñez
2022-10-27 21:57 ` Dr. Arne Babenhauserheide
2022-10-27 22:18 ` Jean Louis
2022-10-27 23:14 ` Dr. Arne Babenhauserheide
2022-10-27 23:20 ` Ihor Radchenko
2022-10-28 8:28 ` Dr. Arne Babenhauserheide
2022-11-02 4:09 ` Ihor Radchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y1rGvZCTRwUDtNoG@protected.localdomain \
--to=bugs@gnu.support \
--cc=58774@debbugs.gnu.org \
--cc=emacs-orgmode@gnu.org \
--cc=manikulin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).