Re: :file keyword for Customize

[Ted Zlatanov]

On Thu, 08 May 2008 22:48:47 +0200 David Kastrup <address@hidden> wrote: 

DK> So what?  [the user's custom file] is a "monolithic blob" not
DK> intended for human consumption, and one can't really delay loading
DK> it, anyway.  So all this buys us is added complication and longer
DK> load times.

I think monolithic blobs have historically been proven unsuitable for
human consumption.  In the case of a binary, that's fine.  For
configuration data, that's dangerous.

For example, the /etc/shadow file is intended to make the /etc/passwd
file less dangerous when compromised.  /etc/passwd can do the job by
itself, but it makes sense for security to take the dangerous bits out.

As another example, the Windows registry is a monolithic blob.  A
special tool is needed to edit the blob and its capabilities are limited
by the lowest common denominator (key=value, plain text data).

In the same way a user's customizations for authentication are more
sensitive than the default customizations, and should probably be stored
in a separate file that's encrypted with some mechanism.  The default
customizations are then available to fellow users without danger of
compromising security.

In the case of Gnus, it makes sense to separate Gnus-specific settings.
I do this manually in my gnus.el, but I can't customize the Gnus
variables without a manual resync between my custom file and gnus.el.

I think Drew's proposal is worth considering as an add-on package, but I
wouldn't push it on every user by default.

Ted