bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompat

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompat

From:	Mauro Aranda
Subject:	bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompatible)
Date:	Tue, 02 Mar 2021 08:56:22 -0300

"Basil L. Contovounesios" <contovob@tcd.ie> writes:

> Mauro Aranda <maurooaranda@gmail.com> writes:
>
>> I'll just say that I raised the question because (usually) theme files
>> are just settings, so for a user to check the safety it is normally
>> enough to go through the custom-theme-set-* functions and see what the
>> theme is setting.  Now the user would be asked to check a require-theme
>> call for its safety, and since a call to require-theme looks a lot like
>> require, it might not be obvious that it can load (and enable) any theme
>> it wants.
>
> I'm suggesting that require-theme never enables any themes.  And to the
> eyes of the user, it would be no different than a call to require or
> load, which we already don't warn a second time about.

Then there's no reason for me to worry at all.

>> And if a theme uses require-theme to do that, it can "hide"
>> the "unsafe theme" settings, because the first element of
>> custom-enabled-themes will just be the "safe" theme.
>
> Sorry, I'm not sure what you mean, could you please elaborate on the
> steps involved?

With the require-theme posted that included a (load-theme t) call, I
thought about the following steps:

The user enables super-safe-theme which hasn't been marked as safe.
The theme has a call to require-theme:
(require-theme 'should-be-safe-theme)
and the user thinks it's fine because should-be-safe-theme comes from
the same author as super-safe-theme.  The user doesn't check
should-be-safe-theme.el (shame on him), and is neither prompted because
of the NO-CONFIRM non-nil.

should-be-safe-theme.el has this call:
(require-theme 'not-so-safe-theme)
and the user is again not prompted for this theme.

After all the loading and enabling, custom-enabled-themes looks like
this:
(super-safe should-be-safe not-so-safe)
and it's not entirely obvious which setting came from which theme.

Of course all of this is already possible, but the theme has to put a
(load-theme t) call in front of the user eyes.

But anyway, if you're thinking about a require-theme that never enables
any theme, this is not relevant anymore.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompatible), (continued)

Prev by Date: bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompatible)
Next by Date: bug#46627: [PATCH] Add new help command 'describe-command'
Previous by thread: bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompatible)
Next by thread: bug#45068: [PATCH] 28.0.50; Update Modus themes 1.0.2 (backward-incompatible)
Index(es):
- Date
- Thread