Closed concavegit closed 5 years ago
Hi @concavegit, thanks a lot for your interest in this project, really appreciate it! Unfortunately, passing t
to load-theme
unconditionally is very bad for security, because there could be any code in the theme, which will be executed.
Honestly, in the first implementation, I did exactly this: https://github.com/valignatev/heaven-and-hell/commit/27dd61426b09eca678d6e692f45b8453f4c3a9a2#diff-cc1ac83ccda62a840ccb39cc4bc1f354R12
But upon submitting heaven-and-hell to melpa, Steve Purcel (melpa maintainer) was very kind ot make a code review, where he pointed out that custom-set-variables generally better: https://github.com/melpa/melpa/pull/5424#issuecomment-383246698
That's why now I don't decide for people if they should trust previously unknown theme by default. Hope it makes sense to you.
For non-preinstalled themes, load-theme without
t
will ask if the theme is safe to load. Addingt
eliminates that prompt.