emacs-devel

Re: Emacs Lisp's future


From: David Kastrup
Subject: Re: Emacs Lisp's future
Date: Thu, 09 Oct 2014 10:05:55 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)

"Stephen J. Turnbull" <address@hidden> writes:

> David Kastrup writes:
>
>  > > who may lose their life savings if a filter for 419 phish fails
>  > 
>  > Can we have terrorism with that scaremongering?
>
> Are you really unaware that such exploits happen every day?

So does terrorism.  But the existence of threats is no excuse for
handwaving justifications of measures that do nothing to address the
threats.

> You're not the only programmer who deprecates security because *your*
> applications are "secure enough" and it "can't" happen to you, you
> know.

At the current point of time, we are more talking about deprecating
security theatre rather than security.  Primitive operations that fail
rather than process and pass on information are attack vectors for
denial-of-service attacks.

> Unfortunately, I'm not the one who lacks understanding.  I'm well
> aware that security is costly in convenience and functionality.

How about you explain in what respect XEmacs' non-round-trippability of
utf-8 encoding helps with the security of running AUCTeX?

How about explaining in what respect it helps with security in _any_
regard that XEmacs is not able to faithfully reproduce its input?  How
are you even supposed to _scan_ for malicious input if you refuse to
decode it in a recognizable manner?

Again: the responsibilities of an engine and of an application are
different.  And not understanding that and thinking that the former can
somehow absolve the latter from doing its job if it is annoying
enough...  Security theatre.

-- 
David Kastrup


