Re: XEmacs patch queue status

(I hope most xemacs-mule people are on this list as well.) Yoshiki Hayashi <yoshiki(a)xemacs.org&gt; writes: It would be nice to resolve this. Problem: `write-region' take different parameters in XEmacs and Emacs, in XEmacs: ,---- | (write-region START END FILENAME &optional APPEND VISIT LOCKNAME CODING-SYSTEM) | | Optional seventh argument CODING-SYSTEM specifies the coding system | used to encode the text when it is written out, and defaults to | the value of `buffer-file-coding-system' in the current buffer. | Interactively, with a prefix arg, you will be prompted for the | coding system. `---- and in Emacs: ,---- | (write-region START END FILENAME &optional APPEND VISIT LOCKNAME MUSTBENEW) | | The optional seventh arg MUSTBENEW, if non-nil, insists on a check | for an existing file with the same name. If MUSTBENEW is `excl', | that means to get an error if the file already exists; never overwrite. | If MUSTBENEW is neither nil nor `excl', that means ask for | confirmation before overwriting, but do go ahead and overwrite the file | if the user confirms. `---- Grep:ing through the XEmacs core I can't find anywhere where the CODING-SYSTEM parameter is used. Neither in XEmacs mule packages. Grep:ing through the XEmacs packages I can find at least one place where it is used INCORRECTLY. (`ediff-make-empty-tmp-file') CODING-SYSTEM is used in jka-compr.el, mule-sysdp.el and nnmail.el, but seems to be there just because they provide wrappers for write-region. I can't find anywhere it's really used with a coding-system argument. (Except in documentation.) Solving this is necesary to create a secure `make-temp-file' -- I may recall incorrectly, but I think there has been some security reports about Mailcrypt or similar PGP packages being insecure because of this. XEmacs is still vulnerable.. How about ditching the CODING-SYSTEM parameter in favor of the MUSTBENEW? I don't care much if this is fixed in `write-region' or elsewhere -- what I'm after is a secure way to create temporary files. A alternative to changing `write-region' is to implement `make-temp-name' in C. (Of course, `write-region' could look at the argument to see if it is a coding system or not and support both XEmacs and Emacs syntax. But it's not nice.) Any ideas?