From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 915DCC4361B for ; Wed, 9 Dec 2020 03:16:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5C38F238E3 for ; Wed, 9 Dec 2020 03:16:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727105AbgLIDQa (ORCPT ); Tue, 8 Dec 2020 22:16:30 -0500 Received: from pb-smtp1.pobox.com ([64.147.108.70]:63613 "EHLO pb-smtp1.pobox.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725789AbgLIDQ3 (ORCPT ); Tue, 8 Dec 2020 22:16:29 -0500 Received: from pb-smtp1.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 954CF97F2C; Tue, 8 Dec 2020 22:15:48 -0500 (EST) (envelope-from junio@pobox.com) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:message-id:mime-version:content-type; s=sasl; bh=ZgSVpRqcgNv0N5dvssxezH1f1TM=; b=gYoZ7sZRWDhrnaEGtLpR 9x464jcpeYb8Hj8zVXH/3SK6jegOgMJCe9OtAOw4xuJdbk8ab8RuAXj81dXsrHVG slOFPPWjnQCEWf9TKDdCghxebmiAmb7hCn1WKyocAXUqZKqP1CEo3nEOdoWW8ax+ aXXmqs9YDzrA/D8guhwPic4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:cc :subject:references:date:message-id:mime-version:content-type; q=dns; s=sasl; b=dckUKuHdeXp9NZ3H6xpQhJYeXh6t+gv/MFZJXmWJB0Xcki A492km7C7L6CfIDTJu7TyHZN4zMlW5NHqRclKOXvXM/R6ypnQT/EYRV1zyslAUbz WDJKZUDo/GRjCD2FSL2blQosGV8t8PtwVDi9FrEJWmJKFTSEqrj0VrDd8BqKQ= Received: from pb-smtp1.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 84A3397F2B; Tue, 8 Dec 2020 22:15:48 -0500 (EST) (envelope-from junio@pobox.com) Received: from pobox.com (unknown [34.74.119.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 0FF8997F2A; Tue, 8 Dec 2020 22:15:48 -0500 (EST) (envelope-from junio@pobox.com) From: Junio C Hamano To: Aaron Schrab Cc: Felipe Contreras , git@vger.kernel.org, Jeff King , Emily Shaffer Subject: Re: [PATCH] Add project-wide .vimrc configuration References: <20201209002619.25468-1-felipe.contreras@gmail.com> Date: Tue, 08 Dec 2020 19:15:47 -0800 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Pobox-Relay-ID: D55ED562-39CC-11EB-A9A2-D152C8D8090B-77302942!pb-smtp1.pobox.com Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Aaron Schrab writes: > At 18:26 -0600 08 Dec 2020, Felipe Contreras wrote: >>By default it's ignored, you need the following in your ~/.vimrc >> >> set exrc > > Running `:help 'exrc'` in vim includes the text: > > Setting this option is a potential security leak. E.g., consider > unpacking a package or fetching files from github, a .vimrc in there > might be a trojan horse. BETTER NOT SET THIS OPTION! > Instead, define an autocommand in your .vimrc to set options for a > matching directory. > > So I don't think it's a good idea to encourage people to do that by > using a name that invites it. Also I think that the file would be more > discoverable for people to incorporate into their own configuration if > not named as a hidden file. Thanks. I do not use vim and did not know how commonly recommended the "set exrc" would be, but what you said makes total sense. In that case, I'd suggest shipping this file without the dot-prefix with a clear instruction how to make use of its contents in a secure manner in a comment at the top of the file. If having vimrc (no dot) at the top-level of the tree is untidy, we can add a place in contrib/ that houses configurations to help various editors and IDEs (e.g. contrib/editors/), too.