GNU bug report logs -
#19284
25.0.50; tls.el uses option --insecure
Previous Next
Reported by: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
Date: Fri, 5 Dec 2014 19:44:01 UTC
Severity: normal
Tags: fixed, security
Found in version 25.0.50
Fixed in version 25.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
Message #47 received at 19284 <at> debbugs.gnu.org (full text, mbox):
On Wed, 30 Dec 2015 19:22:49 +0100 Lars Magne Ingebrigtsen <larsi <at> gnus.org> wrote:
LMI> Ted Zlatanov <tzz <at> lifelogs.com> writes:
>> There is a user experience difference between relying on external tools
>> implicitly, which tls.el does, and explicitly, which ProxyCommand does.
>> Also, tls.el is not granular like ProxyCommand or the `nnimap-stream'
>> functionality, it applies to all connectivity. I hope that explains my
>> reasoning better.
LMI> Yeah. For the version after this, we should dump tls.el (and
LMI> starttls.el) completely. If somebody wants a way to do TLS proxying, we
LMI> should add that as separate functionality, not something that plops out
LMI> as a side-effect of using gnutls-cli.
Ivan, do you want to summarize the three separate proposals to emacs-devel
or should I? I think it's time to move it out of this bug report since
Lars has committed the changes to fix it.
The proposals, I think, were:
1) provide a new function hook point for tls.el to provide
network-stream functionality, and make that a defcustom that can be
overridden by host and port
2) move tls.el out of Emacs into the GNU ELPA
3) support TLS proxying in gnutls.el or at the C level, if we can define
what that actually means
Thanks
Ted
This bug report was last modified 9 years and 148 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.