svn commit: r504132 - head/security/vuxml
Alexey Dokuchaev
danfe at freebsd.org
Sat Jun 15 19:32:52 UTC 2019
On Sat, Jun 15, 2019 at 01:04:37PM -0600, Adam Weinberger wrote:
> On Sat, Jun 15, 2019 at 12:42 PM Alexey Dokuchaev wrote:
> > ...
> > Do we package Vim/NeoVim with modelines enabled by default? I think
> > it's generally a good idea to turn potentially dangerous features, esp.
> > with an earlier history of security/resource vulnerabilities, off by
> > default -- it does not make packages less vulnerable, but leaves one
> > extra potential attack door closed rather than opened.
>
> I'm not opposed to the idea at all. Modeline is an outstanding feature
> that, for example, helps us make sure that, for example, bsd.port.mk
> patches don't show up with leading tabs. [...]
>
> We will definitely have some confused end-users if we set nomodeline by
> default, and we'll have to be even more diligent about checking patches
> for spacing.
>
> Alexey, do the benefits of modeline outweigh the risks? Anyone else
> want to add recommendations here?
I personally prefer to :set ts=4 manually, but I understand it can be
a handy feature for others. Then again, it should not be hard to show
users how to enable it if they wish, e.g. by placing a very visible
comment in the etc/vim/vimrc or via port's pkg-message.
I don't a strong opinion here, let's hear what others have to say.
./danfe
More information about the svn-ports-all
mailing list