From owner-svn-ports-head@freebsd.org Sat Jun 15 19:32:52 2019 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B08D615CE3D0; Sat, 15 Jun 2019 19:32:52 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C456891B8; Sat, 15 Jun 2019 19:32:52 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1033) id 3A1B9DB6C; Sat, 15 Jun 2019 19:32:52 +0000 (UTC) Date: Sat, 15 Jun 2019 19:32:52 +0000 From: Alexey Dokuchaev To: Adam Weinberger Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r504132 - head/security/vuxml Message-ID: <20190615193252.GA60107@FreeBSD.org> References: <201906131841.x5DIfuSb069885@repo.freebsd.org> <20190615151247.GA24087@FreeBSD.org> <20190615184227.GA14704@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.4 (2019-03-13) X-Rspamd-Queue-Id: 4C456891B8 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.95 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.95)[-0.955,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Jun 2019 19:32:52 -0000 On Sat, Jun 15, 2019 at 01:04:37PM -0600, Adam Weinberger wrote: > On Sat, Jun 15, 2019 at 12:42 PM Alexey Dokuchaev wrote: > > ... > > Do we package Vim/NeoVim with modelines enabled by default? I think > > it's generally a good idea to turn potentially dangerous features, esp. > > with an earlier history of security/resource vulnerabilities, off by > > default -- it does not make packages less vulnerable, but leaves one > > extra potential attack door closed rather than opened. > > I'm not opposed to the idea at all. Modeline is an outstanding feature > that, for example, helps us make sure that, for example, bsd.port.mk > patches don't show up with leading tabs. [...] > > We will definitely have some confused end-users if we set nomodeline by > default, and we'll have to be even more diligent about checking patches > for spacing. > > Alexey, do the benefits of modeline outweigh the risks? Anyone else > want to add recommendations here? I personally prefer to :set ts=4 manually, but I understand it can be a handy feature for others. Then again, it should not be hard to show users how to enable it if they wish, e.g. by placing a very visible comment in the etc/vim/vimrc or via port's pkg-message. I don't a strong opinion here, let's hear what others have to say. ./danfe