bug-gnu-emacs

bug#75017: 31.0.50; Untrusted user lisp files


From: Eli Zaretskii
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Sun, 22 Dec 2024 08:19:32 +0200

> From: john muhl <jm@pub.pink>
> Date: Sat, 21 Dec 2024 14:48:52 -0600
> 
> user-init-file is trusted by default but not other user files.
> 
>   C-xf ~/.emacs.d/early-init.el
>   M-x flymake-mode
> 
> Produces a warning:
> 
>   Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
> 
> custom-file (when not the same as user-init-file) also causes a
> warning. Should these also be trusted by default?

No, not IMO.  Please add those files you know you can trust to the
list of trusted files, and let's see if that works well for you.  If,
after you have used that for some time, you have observations to
report or changes to suggest, please do, but let's please base such
observations on some sufficiently significant (read: long enough)
experience.

> What about files put in place by a system admin or your distro’s
> Emacs package (e.g. site-run-file, default.el)? They generally
> require root privileges to install so if they can’t be trusted
> you’re already in trouble.

On my system, these files do not need any admin privileges, so I don't
think we should trust them by default.  Users who know that these
files are modified only by trusted admins can and probably should add
them to the list of trusted files, if they need that (in general,
there should be no need to run Flymake in those files, in which case
these files don't need to be added even if they are trusted).

Btw, if we are talking about trusted admins, then entire directories
should be trusted, for example /usr/share or /usr/share/emacs.
There's a reason why we didn't do that by default.
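
Added example, not part of the message above and not code from the Emacs project: one way to do from an init file what the reply suggests, assuming Emacs 30 or later, where the list of trusted files is the user option `trusted-content`. The helper names `my/trust-file` and `my/report-trust` are hypothetical.

```elisp
;;; Added example (not from the thread).  Assumes Emacs 30+, where the
;;; list of trusted files is the user option `trusted-content'.

(defun my/trust-file (file)
  "Add FILE to `trusted-content' if it names an existing regular file.
`my/trust-file' is a hypothetical helper for this example.  The entry
is stored as an abbreviated true name, since the option's
documentation asks for abbreviated file names."
  (when (and (stringp file)
             (file-regular-p file)
             (listp trusted-content))   ; leave a `:all' setting alone
    (add-to-list 'trusted-content
                 (abbreviate-file-name (file-truename file)))))

;; The two files from the report.  Trust each one by name rather than
;; trusting all of ~/.emacs.d/, which usually also holds third-party
;; packages.
(my/trust-file (locate-user-emacs-file "early-init.el"))

;; `custom-file' must already be set when this runs.  When it is the
;; init file itself nothing is needed: per the report, `user-init-file'
;; is trusted by default.
(when (and custom-file
           (not (and user-init-file
                     (file-equal-p custom-file user-init-file))))
  (my/trust-file custom-file))

;; A directory entry ends in "/" and trusts every file below it.  Only
;; enable this if the directory is writable by trusted admins alone,
;; which the reply notes is not true on every system.
;; (add-to-list 'trusted-content "/usr/share/emacs/")

(defun my/report-trust ()
  "Report whether Emacs trusts the file visited by the current buffer.
`my/report-trust' is a hypothetical helper for this example."
  (interactive)
  (message "%s: %s"
           (or buffer-file-name (buffer-name))
           (if (trusted-content-p) "trusted" "untrusted")))
```

Running `M-x my/report-trust` in a buffer visiting early-init.el before enabling `flymake-mode` shows whether the entry took effect.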




