GNU bug report logs - #19284
25.0.50; tls.el uses option --insecure

Previous Next

Package: emacs;

Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>

Date: Fri, 5 Dec 2014 19:44:01 UTC

Severity: normal

Tags: fixed, security

Found in version 25.0.50

Fixed in version 25.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>, 19284 <at> debbugs.gnu.org
Subject: bug#19284: 25.0.50; tls.el uses option --insecure
Date: Mon, 28 Dec 2015 17:04:21 -0500

On Sat, 26 Dec 2015 22:15:45 +0100 Lars Ingebrigtsen <larsi <at> gnus.org> wrote: 

LI> As Stefan said in a different report -- perhaps we should just require
LI> Emacs with built-in TLS support if you want to use TLS.  That would
LI> essentially mean that we should just remove tls.el and starttls.el.

LI> Alternatively we could, in Emacs 25.1, just remove the --insecure
LI> settings and let people who try to connect to their IMAP server just
LI> fail somewhat mysteriously (it's very common to have self-signed certs
LI> for IMAP).

I am in favor of either option and I think the first is cleaner.

There will be a small but vocal group that wants to use the external
tunnel utility. I think the benefit to the rest of the users will be
worth it, and that group can have a ELPA package to support them.

Ted

This bug report was last modified 9 years and 148 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #19284 25.0.50; tls.el uses option --insecure

GNU bug report logs - #19284
25.0.50; tls.el uses option --insecure