Less misinterprets the `--without-secure` or `--with-secure=no` configure flags

The problem

Nixpkgs recently switched to explicitly stating --without-secure when less is to be compiled without the secure option, instead of only omitting the --with-secure configure flag. But setting --without-secure (or --with-secure=no) results in less being compiled with the secure mode on (i.e. tested by checking if it will read a lesskey file and by trying to pipe | an open file).

My hypothesis why that is

Setting --without-configure is parsed by the ./configure script as with_secure=no. This is then interpreted to mean that one actually wants to use the secure mode, as the if check does not actually check the value of the with_secure variable. It only checks that it is set at all (i.e. the actual condition from the ./configure script is test ${with_secure+y}).

gwsw / less

Less misinterprets the `--without-secure` or `--with-secure=no` configure flags #584

The problem

My hypothesis why that is