Re: The `risky-local-variable' blacklist

[Richard Stallman]

The problem with the change you've proposed is that we'd have to go
through and find check nearly all the variables in Emacs, and mark
most of them as ok to change.  That is a lot of work.

The default is already no for the kinds of variable names
that are typically used for dangerous variables, those that
hold commands, function names, expressions, etc.  Given that
Emacs users don't regularly get files in the mail and give
their local variables a chance to run, I don't think we have
enough of a danger to justify all that work.

    * Do not make `compile-command' safe;

This is a commonly used feature.  Simply eliminating it would make
users quite unhappy.

Here's an idea that might do the job and be acceptable.  Each time
Emacs sees a variable/value combination that is new for the current
user, it asks the user to confirm that combination.  Any given
combination only needs to be confirmed once by any given user.  This
could reduce the repetitive nuisance down to the point where people
will (1) accept the burden and (2) not zone out when they see the
questions.

What do you think?

    Also, the protection versus honoring `eval' settings when root does little 
    good since it does not apply in other cases; anyone interested in rooting 
    via Emacs surely knows this.

Sorry, I do not follow you here.

    * Do not use `enable-local-eval' as a local flag to prevent dangerous bugs 
    in its handling;

Why not?