[vim/vim] syntax highlighter: gpg.conf: Drop dangerous use-embedded-filename (PR #13961)

[dkg]

The syntax highlighter is likely to encourage people to use the listed commands.

but use-embedded-filename is a dangerous option that can cause GnuPG to write arbitrary data to arbitrary files whenever GnuPG encounters malicious data.

GnuPG upstream explicitly warns against using this option:

https://dev.gnupg.org/T4500

I recommend that vim not encourage users to place this option in their gpg.conf by highlighting it as a valid option.

I've also asked GnuPG upstream to explicitly deprecate the option due to its hazardous nature:

https://dev.gnupg.org/T6972

---

You can view, comment on, or merge this pull request online at:

  https://github.com/vim/vim/pull/13961

Commit Summary

• d7f5fb4 syntax highlighter: gpg.conf: Drop dangerous use-embedded-filename

File Changes

(1 file)

• M runtime/syntax/gpg.vim (4)

Patch Links:

• https://github.com/vim/vim/pull/13961.patch
• https://github.com/vim/vim/pull/13961.diff

—
Reply to this email directly, view it on GitHub.
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961@github.com>

[dkearns]

Would it be better to highlight it as an error?

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1925034986@github.com>

[Christian Brabandt]

But error is clearly wrong, as it is still supported. Not sure if we use Warning highlighting in syntax scripts.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1925229467@github.com>

[dkearns]

For better or worse, Error is the commonly used group for deprecated features but there's some use of WarningMsg in more recent additions. javascript.vim uses Exception, which seems like quite the stretch.

@dpkg, this syntax file needs a maintainer if you're willing and able.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1925301444@github.com>

[Ajit-Thakkar]

Fortran.vim uses Todo highlighting for obsolescent features.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1925304957@github.com>

[Christian Brabandt]

Closed #13961 via 6d91227.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/issue_event/11767663951@github.com>

[Christian Brabandt]

I marked it with WarningMsg for now, since it looks like this option isn't going away from gpg according to the referenced tickets.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1937814684@github.com>

[dkg]

@dkg, this syntax file needs a maintainer if you're willing and able.

I'm not a vim user, let alone comfortable enough with vim to be a maintainer, but thanks for the offer. I'm just trying to clean up dangerous corners of the ecosystem.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1960293370@github.com>

[dkearns]

I see, well thank you for your thankless efforts.

—
Reply to this email directly, view it on GitHub.

You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/13961/c1961688680@github.com>