> I'd like to understand these objections better. Aren't you overstating what is at issue?
Yes, after hitting send I realized I overstated my position a bit. In the meantime the comments in this thread are encouraging, however I have finally figured out what I was really trying to say. tl;dr file permission modes are not universal and should thus not be part of the Org implementation, Org itself knows nothing about files or permissions, it is the system that Org is running in/on. Therefore, so long as we make it abundantly clear that the value for :tangle-mode is not expected to be portable and that it is always up to the user to ensure correct behavior, then we are ok. I'm not happy about this conclusion from a security perspective, but it isn't really worse than the situation we have right now. As many have pointed out, the grammar itself will not be affected. However, other parts of the spec will. In general my objective is to try to reduce the number of special cases that an org implementation has to know about and delegate them to something else. However in this case it is a bit tricky because of the security implications and due to the fact that octal modes for file permissions are NOT universal and should not be expected to be universal! I actually think that my gut reaction was correct, but was expressed in the wrong way. Unix file modes are not universal and should thus not be encoded as part of a portable document format. This means that it is up to the user to know what representation is suitable. Right now that representation is delegated to Emacs, because Emacs handles file permissions for Org, and Emac's language for modes is octal. There are some octal modes that do not translate on Windows, and cannot be correctly set. There will (hopefully) be some happy day in the future where there is an operating system that will run Org babel where octal file modes do not exist at all! Therefore I suggest that we do not enshrine a particularly obscure way of expressing file modes into Org itself. Right now Org is confined to Emacs' representations, which in a sense protects Org from becoming too ossified by bad designs of the past --- Emacs can keep all that for us! If we want a more user friendly syntax for this I would suggest that we do something like what has been done for Org babel :results, i.e. like :tangle-mode read write execute, unfortunately that does not compose well at all with user, group, and other and becomes exceedingly verbose. Final conclusion, after all that rambling, is that I'd actually be ok with any of the solutions proposed, so long as it is clear that :tangle-mode will always be implementation dependent, and may or may not be meaningful depending on which operating system you are using. Unfortunate for security, but I don't see any way around tha. The best we could do for security would be for implementations to test the file modes after tangling to ensure that they match, which is more important I think. That said, reducing the number of forms as Eric suggests would be a happy medium. Best! Tom