Misleading/not-as-useful-as-it-could-be error message

Misleading/not-as-useful-as-it-could-be error message

[Richard Hartmann]

Hi,

I just found out about a neat feature: When a completion function is
writeable by non-root, zsh will complain about the fact.

You get:
Ignore insecure files and continue [ny]?

I see two problems with this:
1) The user does not know it is zsh saying this, it could be anything,
really.
2) The user is not told _what_ files are considered insecure and why.

Adding a note on where & why the files were sourced/loaded would
be an optional extra.


Other than that, I love this feature. Once again zsh devs have handled
a situation I did not even really think about until I stumbled into it :)


Richard

Re: Misleading/not-as-useful-as-it-could-be error message

[Peter Stephenson]

On Fri, 28 Mar 2008 13:44:11 +0100
"Richard Hartmann" <richih.mailinglist@gmail.com> wrote:
> I just found out about a neat feature: When a completion function is
> writeable by non-root, zsh will complain about the fact.
> 
> You get:
> Ignore insecure files and continue [ny]?
> 
> I see two problems with this:
> 1) The user does not know it is zsh saying this, it could be anything,
> really.
> 2) The user is not told _what_ files are considered insecure and why.
> 
> Adding a note on where & why the files were sourced/loaded would
> be an optional extra.

People have complained before (now in the dim distant past, I think even
before I became responsible for this by default) that this is a bit terse.
If you type 'n' it tells you to run compaudit to see what was wrong, but
(a) it's not very clear what 'n' means (b) you can run it if you type 'y',
too, which is still as safe since it ignores the files in question.  The
reason for typing 'n' wouldn't be security, it would be the worry that you
haven't got a complete completion system, although if you fix the problem
you can run compinit again.

Index: Completion/compinit
===================================================================
RCS file: /cvsroot/zsh/zsh/Completion/compinit,v
retrieving revision 1.18
diff -u -r1.18 compinit
--- Completion/compinit	1 Nov 2007 10:56:39 -0000	1.18
+++ Completion/compinit	28 Mar 2008 14:48:46 -0000
@@ -417,8 +417,9 @@
   if ! eval compaudit; then
     if [[ -n "$_i_q" ]]; then
       if [[ "$_i_fail" = ask ]]; then
-        if ! read -q "?Ignore insecure $_i_q and continue [ny]? "; then
-	  print -u2 "run compaudit to see list of insecure $_i_q"
+        if ! read -q \
+"?zsh compinit: insecure $_i_q, run compaudit for list.
+Ignore insecure $_i_q and continue [y] or abort compinit [n]? "; then
 	  print -u2 "$0: initialization aborted"
           unfunction compinit compdef
           unset _comp_dumpfile _comp_secure compprefuncs comppostfuncs \


-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070