From b265152fba7a4ace8677b8e741cda5938f9a44e4 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 2 Feb 2024 15:51:05 -0500
Subject: [PATCH] tab completions: avoid completing gpg --use-embedded-filename

gpg's --use-embedded-filename is a dangerous option that can cause gpg
to write arbitrary content to arbitrary files.

According to the GnuPG maintainer, this is not an option recommended
for use (https://dev.gnupg.org/T4500).  Fish shouldn't encourage users
to supply it.

I've offered https://dev.gnupg.org/T6972 to upstream to make it even
more clear that this option is a bad idea.

While removing it, we might as well also remove
--no-use-embedded-filename, since it is effectively a no-op.
---
 share/functions/__fish_complete_gpg.fish | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/share/functions/__fish_complete_gpg.fish b/share/functions/__fish_complete_gpg.fish
index 76dc15521..0e014fb19 100644
--- a/share/functions/__fish_complete_gpg.fish
+++ b/share/functions/__fish_complete_gpg.fish
@@ -264,9 +264,6 @@ function __fish_complete_gpg -d "Internal function for gpg completion code dedup
     complete -c $__fish_complete_gpg_command -l for-your-eyes-only -d "Set the 'for your eyes only' flag in the message"
     complete -c $__fish_complete_gpg_command -l no-for-your-eyes-only -d "Clear the 'for your eyes only' flag in the message"
 
-    complete -c $__fish_complete_gpg_command -l use-embedded-filename -d "Create file with name as given in data"
-    complete -c $__fish_complete_gpg_command -l no-use-embedded-filename -d "Don't create file with name as given in data"
-
     complete -c $__fish_complete_gpg_command -l completes-needed -x -d "Number of completely trusted users to introduce a new key signer (defaults to 1)"
     complete -c $__fish_complete_gpg_command -l marginals-needed -x -d "Number of marginally trusted users to introduce a new key signer (defaults to 3)"