[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Image mode

From: David Kastrup
Subject: Re: Image mode
Date: Tue, 06 Feb 2007 08:16:16 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

Richard Stallman <address@hidden> writes:

>     Files for which the user is likely surprised that they are image
>     files.  It seems like inappropriate file extensions (either those
>     suggesting a different major mode, or those suggesting nothing at all)
>     would be a good indicator.
> I didn't believe this before, and I don't believe it now.  There is
> no rational reason to assume that an extension of .jpg means the
> file can't do harm.  Most users do NOT feel suspicious of files on
> account of a name ending in .jpg.

There are two things being confounded here:

a) letting a user open a potentially dangerous image as an image
b) letting the user open a potentially dangerous image at all.

You argue against option b) here.  The solution to that is obvious and
easy: compile Emacs without image support.  This is the only way in
which Emacs will never let the user open a potentially damaging image.

Now if we all agree that opening images at all should not be
prevented, but should be at the user's discretion, we get back to
preventing case a).  It is a reasonable assumption that a user opening
a file with a well-known image extension is not going to be surprised
to have it displayed as an image.

Since Emacs does not go around opening files without the user telling
it, this will put the choice of whether to open files in image mode in
the hands of the user.

In other words: our list of image extensions is not so much important
for what Emacs will recognize as an image file, but rather for what a
user will recognize (and accept) as an image file.

For that reason, I also think it reasonable to do the match for image
extensions case-insensitive.

> If indeed it is safe to open images if and only if their extensions
> say they are images, the reason would have to be something more
> subtle than what people have said here so far.

It is not "safe".  That is a straw man.  It will _never_ be safe.  But
it does not happen without the user expecting it.

David Kastrup

reply via email to

[Prev in Thread] Current Thread [Next in Thread]