From: sxyazi <sxyazi@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: New package: yazi-0.2.5
Date: Mon, 29 Apr 2024 18:09:47 +0200
Message-ID: <20240429160948.1955F211FF@inbox.vuxu.org>
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-46909@inbox.vuxu.org>
New comment by sxyazi on void-packages repository
https://github.com/void-linux/void-packages/pull/46909#issuecomment-2083134057
Comment:
Yazi will **NOT** randomly delete user files.
On the contrary, we've made extensive security efforts. For example:
- The default behavior for deletion ([`remove` command](https://yazi-rs.github.io/docs/configuration/keymap/#manager.remove)) is to move files to the trash instead of permanently deleting them. If users want to permanently delete files, they need to manually specify `--permanently`, and there's a confirmation prompt for every deletion, even trashing.
- For shell commands like [`shell "nvim"`](https://yazi-rs.github.io/docs/configuration/keymap/#manager.shell), by default, a dialog box pops up displaying the shell command template passed by the user for confirmation, and the command isn't executed. It's only executed if the user explicitly specifies `shell "nvim" --confirm`.
- Splitting the commands/keys for [opening](https://yazi-rs.github.io/docs/configuration/keymap/#manager.open) and [entering directories](https://yazi-rs.github.io/docs/configuration/keymap/#manager.enter) also includes security considerations. Users navigate between files using Vim-like `hjkl` keys, and when they're sure they want to open/run the selected file, they use `<Enter>` instead of using `l` like in other file managers, which is used for both directory navigation and opening files.
- We've implemented a [nested selection conflict detection](https://github.com/sxyazi/yazi/issues/688) to prevent users from selecting `/a/b` while also selecting `/a`, as their mutual inclusion could lead to file confusion.
- In the previous version, we also added [detection for the same directory](https://github.com/sxyazi/yazi/issues/894) to prevent users from copying `./foo` as `./foo/foo`, `./foo/foo/foo`, which would result in recursive copying.
Having said all that, I just want to emphasize that **security is always Yazi's top priority**, and this shouldn't be a reason to prevent this PR from being merged (if it is).
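
An added sketch of the two path checks listed in the comment above (nested selection conflicts, and copying a directory into itself). It is not Yazi's code and not part of the original message. `Selection`, `overlaps` and `copies_into_self` are hypothetical names, and paths are assumed to share one base and to be lexically normalized already (no `..`, no symlinks).

```rust
use std::collections::BTreeSet;
use std::path::{Path, PathBuf};

/// True when one path is the other or contains it.
/// `Path::starts_with` compares whole components, so `/a/bc` is not under `/a/b`,
/// which a plain string-prefix comparison would get wrong.
fn overlaps(a: &Path, b: &Path) -> bool {
    a.starts_with(b) || b.starts_with(a)
}

/// A selection that refuses any path nested in, or containing, an existing entry.
#[derive(Default)]
struct Selection {
    paths: BTreeSet<PathBuf>,
}

impl Selection {
    /// Adds `p`, or returns the already selected path it conflicts with.
    fn add(&mut self, p: &Path) -> Result<(), PathBuf> {
        if self.paths.contains(p) {
            return Ok(()); // selecting the same entry twice is harmless
        }
        if let Some(hit) = self.paths.iter().find(|q| overlaps(q, p)) {
            return Err(hit.clone());
        }
        self.paths.insert(p.to_path_buf());
        Ok(())
    }
}

/// True when copying `src` to `dest` would write onto or inside `src` itself,
/// e.g. `./foo` copied as `./foo/foo`, which recurses into its own output.
fn copies_into_self(src: &Path, dest: &Path) -> bool {
    dest.starts_with(src)
}

fn main() {
    // Constructed sample paths, for illustration only.
    let mut sel = Selection::default();
    for p in ["/a/b", "/a", "/a/b/c", "/a/bc"] {
        match sel.add(Path::new(p)) {
            Ok(()) => println!("selected {p}"),
            Err(hit) => println!("rejected {p}: conflicts with {}", hit.display()),
        }
    }
    let (src, dest) = (Path::new("./foo"), Path::new("./foo/foo"));
    println!("copy {} -> {} blocked: {}", src.display(), dest.display(), copies_into_self(src, dest));
}
```

A real implementation would resolve symlinks and `..` before comparing, since two differently spelled paths can name the same directory.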