[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security flaw in EDE; new release plans
From: |
Daniel Colascione |
Subject: |
Re: Security flaw in EDE; new release plans |
Date: |
Sun, 08 Jan 2012 23:26:19 -0800 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0) Gecko/20111105 Thunderbird/8.0 |
On 1/8/12 11:06 PM, Chong Yidong wrote:
> Daniel Colascione <address@hidden> writes:
>
>> I never got around to committing the patch below to the emacs-23
>> branch. Would it be okay to add it before the 23.4 release?
>>
>> + (put 'lexical-binding 'safe-local-variable t)
>
> What's the rationale? If Emacs 23 users try to load Lisp libraries that
> use lexical binding, that will tend to lead to bugs, so why make it
> *easier* for that to happen?
My proposed patch makes it painless to edit Emacs 24 lisp using Emacs
23. A user might want to read or backport Emacs 24 lisp files, and
because it's possible to write lisp that works correctly whether
lexical-binding is on or off, a user might even legitimately want to
load these files.
The warning about the lexical-binding variable appears only when a
user tries to edit a file with lexical-binding. If an Emacs 23 user
tries to load or compile such a file, he won't receive a warning. If
we wants to guard against loading a file in an Emacs without support
for lexical-binding, an (assert (boundp 'lexical-binding)) at toplevel
should do the trick; a more general solution would be to add code to
the Emacs 23 lisp reader or byte compiler to reject files that specify
lexical-binding.
As far as editing itself is concerned, though, lexical-binding is
indeed a harmless variable in Emacs 23: inert, sure, but harmless.
signature.asc
Description: OpenPGP digital signature