Date: Sat, 15 Jun 2019 19:32:52 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: Adam Weinberger <adamw@freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r504132 - head/security/vuxml Message-ID: <20190615193252.GA60107@FreeBSD.org> In-Reply-To: <CAP7rwcgwGNFjyf7LmDvg6-xpZwbkdyQ2PELQkFfRD-90TahvxQ@mail.gmail.com> References: <201906131841.x5DIfuSb069885@repo.freebsd.org> <20190615151247.GA24087@FreeBSD.org> <CAP7rwcjB9moLnEwzUcn0EhfKpF%2BdDvAObY0O8XJOn0V4HXByYA@mail.gmail.com> <20190615184227.GA14704@FreeBSD.org> <CAP7rwcgwGNFjyf7LmDvg6-xpZwbkdyQ2PELQkFfRD-90TahvxQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 15, 2019 at 01:04:37PM -0600, Adam Weinberger wrote: > On Sat, Jun 15, 2019 at 12:42 PM Alexey Dokuchaev wrote: > > ... > > Do we package Vim/NeoVim with modelines enabled by default? I think > > it's generally a good idea to turn potentially dangerous features, esp. > > with an earlier history of security/resource vulnerabilities, off by > > default -- it does not make packages less vulnerable, but leaves one > > extra potential attack door closed rather than opened. > > I'm not opposed to the idea at all. Modeline is an outstanding feature > that, for example, helps us make sure that, for example, bsd.port.mk > patches don't show up with leading tabs. [...] > > We will definitely have some confused end-users if we set nomodeline by > default, and we'll have to be even more diligent about checking patches > for spacing. > > Alexey, do the benefits of modeline outweigh the risks? Anyone else > want to add recommendations here? I personally prefer to :set ts=4 manually, but I understand it can be a handy feature for others. Then again, it should not be hard to show users how to enable it if they wish, e.g. by placing a very visible comment in the etc/vim/vimrc or via port's pkg-message. I don't a strong opinion here, let's hear what others have to say. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190615193252.GA60107>