GNU bug report logs - #13374
24.?; open-gnutls-stream insecurity

Previous Next

Package: emacs;

Reported by: Oleksii Shevchuk <alxchk <at> gmail.com>

Date: Mon, 7 Jan 2013 16:53:02 UTC

Severity: important

Merged with 13877, 15792

Found in version 24.3

Done: Ted Zlatanov <tzz <at> lifelogs.com>

Bug is archived. No further changes may be made.

Full log

Message #29 received at 13374 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Cc: Oleksii Shevchuk <alxchk <at> gmail.com>, Glenn Morris <rgm <at> gnu.org>,
	13374 <at> debbugs.gnu.org
Subject: Re: bug#13374: 24.?; open-gnutls-stream insecurity
Date: Tue, 08 Jan 2013 12:06:08 -0500

>> It should default to nil (in other words, we'll ship 24.3 with the same
>> insecure behavior it has right now).  But we can recommend to the users
>> to turn it on, and see how well it works in practice, and write the
>> necessary prompts and customization logic that Lars outlined.
> I think we should just leave things as is for 24.3, since it's too close
> to release, and fix this properly for 24.5.

I tend to agree, although, if the patch is sufficiently trivial, it
could be accepted (e.g. define a new custom var, with nil default value
and splice it somewhere in the code where nil makes no difference).

> Instituting an option like that (which will have to be abandoned
> later) as a stop-gap I feel isn't all that helpful.

If the option will have to be abandoned, then it's indeed a loser, but
I thought the idea is that this option will stay and the added code in
24.4 will "simply" be handling errors more cleverly and prompting the
user to update this option on-the-fly.


        Stefan
This bug report was last modified 11 years and 157 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.