emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac


From: Eli Zaretskii
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date: Wed, 08 Mar 2023 16:13:04 +0200

> From: Po Lu <luangruo@yahoo.com>
> Cc: emacs-devel@gnu.org
> Date: Wed, 08 Mar 2023 18:58:47 +0800
> 
> Ulrich Mueller <ulm@gentoo.org> writes:
> 
> > Sorry, but I've installed this on emacs-29 with an explicit ack from
> > both Eli and Stefan.
> 
> Why was this considered okay for emacs-29?

Because I didn't imagine that Bash could be missing on a GNU/Linux
system.

> IMHO we should stop kow-towing to the information security people who
> make a huge fuss over every single bug, especially bugs like this one
> which only show up when you specifically try to trigger them.

Good luck with that!

This is a losing battle, so I suggest you save your time and energy
for more productive discussions.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]