From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 6KJpM3m+tmLvFwAAbAwnHQ (envelope-from ) for ; Sat, 25 Jun 2022 09:51:21 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id aBsNM3m+tmLzSAEAauVa8A (envelope-from ) for ; Sat, 25 Jun 2022 09:51:21 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7E877C8DA for ; Sat, 25 Jun 2022 09:51:21 +0200 (CEST) Received: from localhost ([::1]:39570 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o50Zc-0003gU-MG for larch@yhetil.org; Sat, 25 Jun 2022 03:51:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59394) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o50ZB-0003g6-7G for emacs-orgmode@gnu.org; Sat, 25 Jun 2022 03:50:53 -0400 Received: from ciao.gmane.io ([116.202.254.214]:42200) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o50Z9-0004Jj-Ou for emacs-orgmode@gnu.org; Sat, 25 Jun 2022 03:50:52 -0400 Received: from list by ciao.gmane.io with local (Exim 4.92) (envelope-from ) id 1o50Z6-0002uI-R5 for emacs-orgmode@gnu.org; Sat, 25 Jun 2022 09:50:48 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: emacs-orgmode@gnu.org From: Max Nikulin Subject: Re: [PATCH] New remote resource download policy Date: Sat, 25 Jun 2022 14:50:43 +0700 Message-ID: References: <87mteiq6ou.fsf@gmail.com> <87pmj1nh7v.fsf@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Content-Language: en-US In-Reply-To: <87pmj1nh7v.fsf@gmail.com> Received-SPF: pass client-ip=116.202.254.214; envelope-from=geo-emacs-orgmode@m.gmane-mx.org; helo=ciao.gmane.io X-Spam_score_int: 28 X-Spam_score: 2.8 X-Spam_bar: ++ X-Spam_report: (2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, NML_ADSP_CUSTOM_MED=0.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1656143481; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=cn5estmsnM5P25M5nNLNzZXD6VAhxyWkJnQI3Fs7ZoM=; b=LEQyqNaj/1U4QBhDVx8hGG74c5zle3/3J3RPd0Hkyi0hWUJoGnYTtdsJ2xMzPKpxNUnZYA UcbZ9fzNMqrQkFXUMB8qp4bZ5fYINES01QZbUJ942o8TtJf2AunY5wIMIpng2VrR+DH/+j ElNI9dmitMCU3p80UWmVt97TVfDemcESwoBlYnALCoRJAZAvABKx+tLq82SqpDimB6a4j4 2WrCLkwhaVR06f0e/YHCV/u+XG3TwsxHkr7CduEf4kgJgcl90k56hb5UmFkXZ6oMKspUAr /9n+f0iSEukshmCewzGaKVRoSBgpLxak7SIi6sW38TCQXvuLF0+ti9XeVyKy2w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1656143481; a=rsa-sha256; cv=none; b=BaowU21aWa6Eb3UoVuRMUz0pKG8hfvfSD/Nvgxhz+KN4k7v6hAklB4yxMC2JIGteioSm1+ 0/Epv5VfBGLZ4rSN7L1lLsAOoCaYN11Rpd7xZp7H/bE7fySVitV37772tAMqJ99UECifXi Vm5jlf7bn/3QMsF4lvTSstPeSsKnIHuw8CFSxRS2pbYS9FuaiK9pIFuxgcApOjNVLfJg8d 9z93gxUQGmAplxRSXA9U/iZhiY+wQVZ4B+lXs56sqnzKJoxCPDseFGQOmHeFKYr+IVNVCt dlPaJvLS7CrCvz4bpyMgw3D/gJlRIXABNf+ouUryocHgYuoTNDjW0MzSv29ndQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 1.93 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 7E877C8DA X-Spam-Score: 1.93 X-Migadu-Scanner: scn0.migadu.com X-TUID: TVownifXz+Zg On 22/06/2022 17:01, Timothy wrote: > >>> — a/lisp/org-attach.el >>> +++ b/lisp/org-attach.el >>> @@ -525,7 +525,11 @@ (defun org-attach-attach (file &optional visit-dir method) >>> [snip] >>> + (if (or (not noninteractive) (org–should-fetch-remote-resource-p file)) >> >> I am confused by (not noninteractive). Does it mean that interactive call is >> enough to bypass protection? It may have sense it at this step there is no >> ambiguity what resources is fetched. On the other hand I am unsure concerning a >> case when `org-attach-attach’ is a part of a larger command. > > The idea here is that when this is done interactively the user will be aware of > the URL this is being applied to, and so it isn’t a risk. Let me know if this > assumption doesn’t hold. I am not sure what is the best option here. Despite `org-attach-attach' is an interactive command, URL code path most likely will be followed when this function is called from another one. *Currently* my opinion is that it is caller who is responsible for the decision whether the user explicitly asked for a particular resource so it may be considered safe. For example for `org-attach-url' probability that it is called by user directly is higher than it happens from another function. So I am considering such variant: no heuristics is added to `org-attach-attach', but `org-attach-url' temporary adjusts the list of safe locations to bypass user prompt. Notice that I am not an active user of `org-attach'. >>> +(defcustom org-download-remote-resources ’prompt >> >> The name sounds like some function. > > Mmm. I could add `-policy' to that variable name perhaps. It will be too long. Maybe org-remote-resources-policy, but I am leaving the decision up to you. >>> +(defun org–confirm-resource-safe (uri) >>> + “Ask the user if URI should be considered safe, returning non-nil if so.” >>> + (unless noninteractive >>> + (let ((buf (get-buffer-create “*Org Remote Resource*”))) >> >> I see your intention to add something fancy to the dialog. May `org-mks’ be >> reused instead to avoid proliferation variants of rather similar UI code? > > Well, the thing here is that I’m explicitly trying to mimic the > file-local-variable dialog, and since a general form isn’t exposed by Emacs, a > little bit of proliferation seems like the best option to me. I do not have strong opinion, I provided an example of `org-mks' reusing in another message. >>> + (propertize “n” ’face ’error) >>> + “ to skip this resource.”) >> >> From “skip” I do not expect aborting of export. > > Hmm, the “skip” action isn’t determined by the “is it safe” functions, but some > wording that doesn’t sound completely safe at least would be good. At least for export it works more like "Abort". I have realized that e.g. 7zip, asking if it should overwrite an existing file, offers "Always" variant. Almost certainly I saw similar buttons in other dialogs on Windows as well. Unsure it it may be easily implemented, but the case "Allow all remote URLs for the current file" sounds like a valid option during export.