emacs-orgmode

Re: One vs many directories


From: Jean Louis
Subject: Re: One vs many directories
Date: Wed, 25 Nov 2020 07:44:54 +0300
User-agent: Mutt/2.0 (3d08634) (2020-11-07)

* Tom Gillespie <tgbugs@gmail.com> [2020-11-24 23:11]:
> > > That is security issue.
> >
> > Why is it a security issue? The variables do need to be close to the end
> > — 3000 characters is only about 50 lines.
> 
> It isn't a security issue by itself. Emacs never automatically runs
> eval file local variables unless you have tampered with
> enable-local-eval, in which case the tampering is the security issue
> not the existence of the local variables list.
> 
> Thus it is only a security issue if you permanently accept that eval
> file local variable and then open random org files that use it with a
> malicious startup block. An eval file local variable like that which
> blindly executes an org babel block should never be permanently
> accepted

I do understand conditions.

But I can say that I did not understand conditions for one decade and
a half, as I was not aware that Emacs has a "real programming
language" built-in, and I have been spending my time with outside
languages that I was invoking from Emacs.

Yes, I did read that Emacs has Emacs Lisp. I was configuring Emacs but
I have not been thinking that it is Lisp. I could figure out those
settings without reading the manual.

As I have been programming in Emacs Lisp for years, I am aware of it.
Before, I was thinking that local variables belong somewhere and that
I should enable them, despite all the warnings. There was a lack of
understanding despite the information in front of me.

Some files I opened asked me to enable local variables, so many times
I did so without thinking. My personal behavior of enabling local
variables that other authors have written is probably not an isolated
case. So that is a security issue, as a number of users among
thousands are weak on this.

When I say security issue I do not think of myself, you or the
majority of people currently, but that there are probably millions of
people who can be affected by this. I also know spammers are
harvesting mailing lists.
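
An added example, not part of the original message and not code from Emacs or Org: a Python pre-check that lists the `eval:` entries in a file's trailing local-variables list, so they can be read before the file is opened and any prompt is answered. It is a simplified reading of Emacs's parsing (last 3000 characters, last page, per-line prefix and suffix); the function names and the sample file are constructed for illustration.

```python
import re

TAIL_CHARS = 3000  # Emacs looks for the list only this close to the end of the file

def local_variables(text):
    """Parse the trailing 'Local Variables:' list into [(name, value), ...]."""
    tail = text[-TAIL_CHARS:]
    tail = tail[tail.rfind("\f") + 1:]  # only the last page (after a form feed) counts
    m = re.search(r"^(.*?)Local Variables:[ \t]*(.*)$", tail, re.I | re.M)
    if not m:
        return []
    # Text around the marker (e.g. "# " in Org files) must wrap every entry line.
    prefix, suffix = m.group(1), m.group(2).rstrip()
    entries = []
    for line in tail[m.end():].splitlines():
        line = line.rstrip()
        if not line:
            continue
        if not (line.startswith(prefix) and line.endswith(suffix)):
            break  # malformed list: stop rather than guess
        body = line[len(prefix):len(line) - len(suffix)].strip()
        name, sep, value = body.partition(":")
        if not sep or name.strip().lower() == "end":
            break
        entries.append((name.strip(), value.strip()))
    return entries

def eval_entries(text):
    """Return the Lisp forms the file asks Emacs to evaluate on visit."""
    return [v for n, v in local_variables(text) if n.lower() == "eval"]

# Constructed sample Org file; the eval form is a harmless placeholder.
SAMPLE = """#+TITLE: constructed sample
* Notes
Some text.

# Local Variables:
# fill-column: 72
# eval: (message "constructed form")
# End:
"""

if __name__ == "__main__":
    for form in eval_entries(SAMPLE):
        print("file requests evaluation of:", form)
```

The first-line `-*- ... -*-` form of file-local variables is not covered by this check.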


