Vimjas / vint

Fast and Highly Extensible Vim script Language Lint implemented in Python.
MIT License
702 stars, 33 forks

Add a security policy #296

Open ghost opened 5 years ago

ghost commented 5 years ago

Thanks for this great piece of software! It could potentially save me lots of time while I try to implement a new project-based .vimrc loader. In fact, I thought it might be useful if there's an additional policy, named ProhibitUnsecure, that errors whenever an expression is found of which the linter cannot guarantee that a hacker is unable to use it to do something evil.

Why?

Because we can, of course, and because it would allow automatic sourcing of .vimrc files in a project's directory without compromising the user's security. For me, implementing it as a linter means that there will be better error messages. And who knows who else might benefit from this?

blueyed commented 5 years ago

How is this defined? Anything that Vim allows to run in a sandbox?

btw: check out https://github.com/embear/vim-localvimrc - it does not whitelist .lvimrcs automatically, but requires you to approve them (and remembers your choice - until the file changes). I find this very useful, and prefer it over anything automatic.

ghost commented 5 years ago

@blueyed Thanks for the feedback. Actually, I didn't know about this particular plugin. I only found https://github.com/LucHermitte/local_vimrc. The plugin you provided seems like more than enough for me. I'll leave this issue open, but feel free to close it.