Towards Trust in Emacs
3 days ago
- #Emacs
- #Package
- #Security
- Emacs historically treated all files as trusted, leading to security issues like CVE-2024-53920.
- Emacs 30 introduced a trust system to limit risky features to trusted files, but it's inconvenient and leads users to disable it.
- trust-manager is a package that reduces friction by prompting for project trust just-in-time and remembering choices.
- It automatically marks user configuration files and load-path directories as trusted.
- A red '?' indicator in the mode line of untrusted buffers can be clicked to grant trust quickly.
- Trust settings are stored in trust-manager-trust-alist and can be managed with custom commands or a customize interface.
- trust-manager integrates with project management, clearing stale trust entries when projects are forgotten.
- Available on MELPA and GitHub, it helps maintain security without sacrificing functionality.
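
The Emacs 30 trust setting described above, shown as a disabled configuration beside a scoped one, with a small audit of the setting. This is an added example, not code from the original post or from trust-manager. `trusted-content` and `trusted-content-p` are Emacs 30 built-ins; the directory paths and the `my/` function names are assumptions made for illustration.

```elisp
;; Added example: the paths and `my/' names are constructed for illustration.

;; Weak: trusts every file, which restores the pre-Emacs-30 behaviour.
;; (setq trusted-content :all)

;; Scoped: trust only named directories (a trailing "/" covers everything below).
(setq trusted-content '("~/.emacs.d/" "~/src/my-own-project/"))

(defun my/trusted-content-findings (value)
  "Return a list of warning strings for VALUE, a `trusted-content' setting."
  (cond
   ((eq value :all) (list ":all trusts every file"))
   (t
    (delq nil
          (mapcar
           (lambda (entry)
             (cond
              ((not (stringp entry)) (format "%S is not a string" entry))
              ;; Trusting the filesystem root or the whole home directory
              ;; is close to disabling the check.
              ((member entry '("/" "~/"))
               (format "%s trusts an entire tree" entry))
              ;; A directory entry that no longer exists is stale and
              ;; would silently trust whatever is later created there.
              ((and (string-suffix-p "/" entry)
                    (not (file-directory-p (expand-file-name entry))))
               (format "%s is a stale entry (no such directory)" entry))))
           value)))))

(defun my/trust-report ()
  "Show whether the current buffer is trusted and audit `trusted-content'."
  (interactive)
  (message "Buffer trusted: %s; findings: %S"
           (if (trusted-content-p) "yes" "no")
           (my/trusted-content-findings trusted-content)))
```

Run `M-x my/trust-report` in any buffer to see its trust state and any overly broad or stale entries.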