emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Maintainers and contributors


From: Dmitry Gutov
Subject: Re: Maintainers and contributors
Date: Thu, 22 Oct 2015 22:08:12 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101 Thunderbird/42.0

On 10/22/2015 09:27 PM, John Wiegley wrote:

As it stands, the falling out with Taylan was not entirely technical. I've
spoken to Taylan on IRC, and he is actually a very reasonable fellow. Mainly,
there was a difference between his desire, and his position, that we missed:

He indeed gives that impression, most of the time.

   Desire: Avoid security vulnerabilities in his code.

That desire itself ("in his code" vs "in Emacs") doesn't make much sense, because you cannot use his code without using Emacs. And Emacs uses shell-quote-argument in many places. If that function is vulnerable, you're most likely screwed anyway.

   Position: `shell-quote-argument' violates this desire, and should not be
           used. Since emacs-devel probably can't fix `shell-quote-argument'
           today, rewrite it until it is fixed.

Had the discussion been about this desire, we could have talked about whether
he should bother worrying about security in the context of Emacs, since we
generally don't put much focus there. Eli did start to mention this, but I
think it was lost in the storm, or seen as a dodge.

This point and others have been made. Like Eli said in another email, some people just can't accept different views.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]