Steve Hall wrote:
On Fri, 2007-03-16 at 13:26 -0500, fREW wrote:
Isn't a vimball just another archive? It seems, according to the
vimball help file that it's just a bunch of inert files. It doesn't
really run anything... Maybe I am wrong, though.
When you use :source filename, Vim executes the code in filename.
Vimscript (and thereby, a vimball) can do anything to the machine your
user permissions allow you to do.
Not that I expect anything evil from this community, just the
opposite. But I think the concept is broken and is much less obvious
than a simple .tar.gz. (Especially on Windows, and ESPECIALLY with an
extension like ".vba"!)
Sure. But you don't _have_ to source it. Since 15 June 2006, you can use instead
:UseVimball /temp
to unpack it into subdirectories of /temp where the unpacked scripts can do
nothing harmful to your Vim installation. You can then examine them there at
your leisure.
BTW, a common format for distributing zipfiles is a self-extracting .exe --
like, for instance, your own Vim installers. I suppose I needn't point out
that an .exe can potentially do anything to your Windows system that your
permissions allow it to do -- not that I expect anything evil from you, Steve,
quite the opposite. But the concept can quite arguably be described as broken
and much less obvious than a simple .zip.
Best regards,
Tony.
--
"The Schizophrenic: An Unauthorized Autobiography"