GNU bug report logs -
#28597
26.0.60; [Security] Configure should use --without-pop by default
Previous Next
Reported by: nljlistbox2 <at> gmail.com (N. Jackson)
Date: Mon, 25 Sep 2017 15:12:01 UTC
Severity: normal
Found in version 26.0.60
Done: Noam Postavsky <npostavs <at> users.sourceforge.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 28597 in the body.
You can then email your comments to 28597 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 25 Sep 2017 15:12:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
nljlistbox2 <at> gmail.com (N. Jackson):
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Mon, 25 Sep 2017 15:12:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Configure issues the following warning:
configure: WARNING: This configuration installs a 'movemail' program
that retrieves POP3 email via only insecure channels.
To omit insecure POP3, you can use './configure --without-pop'.
If the warning is true, then --without-pop should be the default,
and users should have to explicitly request an insecure Emacs with
--with-pop.
N.
In GNU Emacs 26.0.60 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.22.17)
of 2017-09-24 built on moondust.localdomain
Repository revision: d93301242f38d3d9aaa55899c07496f0bdecf391
Windowing system distributor 'Fedora Project', version 11.0.11903000
System Description: Fedora release 25 (Twenty Five)
Recent messages:
Saving file /home/nlj/.emacs.d/url/cookies...
Wrote /home/nlj/.emacs.d/url/cookies
Auto-saving...done
Mark set
Sending...
Mark set [2 times]
Sending via mail...
Sending email
Sending email done
Sending...done
Configured using:
'configure --without-pop 'CFLAGS=-O2 -g3 -gdwarf-4''
Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND DBUS GSETTINGS NOTIFY ACL
LIBSELINUX GNUTLS LIBXML2 FREETYPE LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS
GTK3 X11 LCMS2
Important settings:
value of $LANG: en_CA.UTF-8
value of $XMODIFIERS: @im=none
locale-coding-system: utf-8-unix
Major mode: Text
Minor modes in effect:
csv-field-index-mode: t
TeX-PDF-mode: t
diff-auto-refine-mode: t
flyspell-mode: t
pdf-occur-global-minor-mode: t
shell-dirtrack-mode: t
recentf-mode: t
display-battery-mode: t
display-time-mode: t
show-paren-mode: t
savehist-mode: t
save-place-mode: t
electric-pair-mode: t
desktop-save-mode: t
cl-old-struct-compat-mode: t
delete-selection-mode: t
cua-mode: t
tooltip-mode: t
global-eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
temp-buffer-resize-mode: t
size-indication-mode: t
column-number-mode: t
line-number-mode: t
global-visual-line-mode: t
visual-line-mode: t
transient-mark-mode: t
Load-path shadows:
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-contacts hides ~/.emacs.d/modules/org-contacts
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-habit hides /data/projects/vc/emacs/git/emacs/lisp/org/org-habit
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-python hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-python
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-clojure hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-clojure
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-md hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-md
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-macs hides /data/projects/vc/emacs/git/emacs/lisp/org/org-macs
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-groovy hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-groovy
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-odt hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-odt
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-texinfo hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-texinfo
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-protocol hides /data/projects/vc/emacs/git/emacs/lisp/org/org-protocol
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-io hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-io
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-list hides /data/projects/vc/emacs/git/emacs/lisp/org/org-list
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-scheme hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-scheme
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob hides /data/projects/vc/emacs/git/emacs/lisp/org/ob
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-docview hides /data/projects/vc/emacs/git/emacs/lisp/org/org-docview
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-latex hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-latex
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-html hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-html
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-ctags hides /data/projects/vc/emacs/git/emacs/lisp/org/org-ctags
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-src hides /data/projects/vc/emacs/git/emacs/lisp/org/org-src
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-octave hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-octave
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-w3m hides /data/projects/vc/emacs/git/emacs/lisp/org/org-w3m
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-bibtex hides /data/projects/vc/emacs/git/emacs/lisp/org/org-bibtex
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-eww hides /data/projects/vc/emacs/git/emacs/lisp/org/org-eww
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-info hides /data/projects/vc/emacs/git/emacs/lisp/org/org-info
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-processing hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-processing
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-beamer hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-beamer
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-maxima hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-maxima
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-table hides /data/projects/vc/emacs/git/emacs/lisp/org/org-table
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-R hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-R
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-publish hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-publish
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-mscgen hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-mscgen
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-keys hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-keys
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-css hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-css
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-haskell hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-haskell
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-picolisp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-picolisp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-timer hides /data/projects/vc/emacs/git/emacs/lisp/org/org-timer
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-feed hides /data/projects/vc/emacs/git/emacs/lisp/org/org-feed
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-emacs-lisp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-emacs-lisp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-coq hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-coq
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-J hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-J
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-mhe hides /data/projects/vc/emacs/git/emacs/lisp/org/org-mhe
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-exp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-exp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-rmail hides /data/projects/vc/emacs/git/emacs/lisp/org/org-rmail
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-attach hides /data/projects/vc/emacs/git/emacs/lisp/org/org-attach
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lilypond hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lilypond
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-version hides /data/projects/vc/emacs/git/emacs/lisp/org/org-version
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-makefile hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-makefile
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sql hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sql
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lob hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lob
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-abc hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-abc
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-java hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-java
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-shell hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-shell
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-loaddefs hides /data/projects/vc/emacs/git/emacs/lisp/org/org-loaddefs
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-element hides /data/projects/vc/emacs/git/emacs/lisp/org/org-element
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ebnf hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ebnf
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-id hides /data/projects/vc/emacs/git/emacs/lisp/org/org-id
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-crypt hides /data/projects/vc/emacs/git/emacs/lisp/org/org-crypt
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org hides /data/projects/vc/emacs/git/emacs/lisp/org/org
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-plot hides /data/projects/vc/emacs/git/emacs/lisp/org/org-plot
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ruby hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ruby
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-matlab hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-matlab
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lua hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lua
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ditaa hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ditaa
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-irc hides /data/projects/vc/emacs/git/emacs/lisp/org/org-irc
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-gnus hides /data/projects/vc/emacs/git/emacs/lisp/org/org-gnus
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-C hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-C
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-lint hides /data/projects/vc/emacs/git/emacs/lisp/org/org-lint
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-comint hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-comint
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-colview hides /data/projects/vc/emacs/git/emacs/lisp/org/org-colview
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-tangle hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-tangle
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-dot hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-dot
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-mobile hides /data/projects/vc/emacs/git/emacs/lisp/org/org-mobile
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-eshell hides /data/projects/vc/emacs/git/emacs/lisp/org/org-eshell
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sass hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sass
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-gnuplot hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-gnuplot
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-icalendar hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-icalendar
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-man hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-man
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-capture hides /data/projects/vc/emacs/git/emacs/lisp/org/org-capture
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-plantuml hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-plantuml
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-footnote hides /data/projects/vc/emacs/git/emacs/lisp/org/org-footnote
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sed hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sed
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-clock hides /data/projects/vc/emacs/git/emacs/lisp/org/org-clock
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-js hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-js
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-latex hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-latex
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-ascii hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-ascii
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ref hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ref
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-stan hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-stan
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ocaml hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ocaml
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-agenda hides /data/projects/vc/emacs/git/emacs/lisp/org/org-agenda
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-indent hides /data/projects/vc/emacs/git/emacs/lisp/org/org-indent
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-core hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-core
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-pcomplete hides /data/projects/vc/emacs/git/emacs/lisp/org/org-pcomplete
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-datetree hides /data/projects/vc/emacs/git/emacs/lisp/org/org-datetree
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ledger hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ledger
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-shen hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-shen
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-entities hides /data/projects/vc/emacs/git/emacs/lisp/org/org-entities
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-macro hides /data/projects/vc/emacs/git/emacs/lisp/org/org-macro
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-forth hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-forth
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-mouse hides /data/projects/vc/emacs/git/emacs/lisp/org/org-mouse
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sqlite hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sqlite
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-org hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-org
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-screen hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-screen
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-asymptote hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-asymptote
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-eval hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-eval
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-archive hides /data/projects/vc/emacs/git/emacs/lisp/org/org-archive
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox hides /data/projects/vc/emacs/git/emacs/lisp/org/ox
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-org hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-org
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-perl hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-perl
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-faces hides /data/projects/vc/emacs/git/emacs/lisp/org/org-faces
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-bbdb hides /data/projects/vc/emacs/git/emacs/lisp/org/org-bbdb
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-compat hides /data/projects/vc/emacs/git/emacs/lisp/org/org-compat
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lisp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lisp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-install hides /data/projects/vc/emacs/git/emacs/lisp/org/org-install
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-awk hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-awk
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-calc hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-calc
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-inlinetask hides /data/projects/vc/emacs/git/emacs/lisp/org/org-inlinetask
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-table hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-table
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-fortran hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-fortran
Features:
(mailalias smtpmail shadow bbdb-message emacsbug sendmail eieio-opt
speedbar sb-image ezimage dframe help-fns radix-tree smiley gnus-cite
gnus-async gnus-bcklg qp mail-extr gnus-ml disp-table hl-line mm-archive
url-http url-gw url-cache url-auth nnrss mm-url url url-proxy
url-privacy url-expand url-methods url-history url-cookie url-domsuf
url-util nndraft nnmh utf-7 server pinentry epa-file network-stream nsm
starttls nnfolder bbdb-gnus bbdb-mua nnnil gnus-agent gnus-srvr
gnus-score score-mode nnvirtual gnus-msg nntp gnus-cache cl-extra
help-mode plain-tex ox-koma-letter ox-odt rng-loc rng-uri rng-parse
rng-match rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok
nxml-util ox-icalendar ox-html table ox-beamer ox-latex ox-ascii
ox-publish ox latexenc preview prv-emacs font-latex tex-mode sh-script
smie executable csv-mode sort make-mode tex-buf latex tex-ispell
tex-style tex-info tex dbus xml texinfo view vc-git diff-mode map
flyspell ispell pdf-occur ibuf-ext ibuffer ibuffer-loaddefs tablist
tablist-filter semantic/wisent/comp semantic/wisent
semantic/wisent/wisent semantic/util-modes semantic/util semantic
semantic/tag semantic/lex semantic/fw mode-local cedet pdf-isearch
let-alist pdf-misc imenu pdf-tools compile cus-edit pdf-view bookmark pp
pdf-cache pdf-info tq pdf-util org-contacts org-capture gnus-art mm-uu
mml2015 mm-view mml-smime smime dig mailcap gnus-sum gnus-group
gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source tls gnutls
utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range message subr-x
puny rfc822 mml mml-sec epa derived epg mm-decode mm-bodies mm-encode
mail-parse rfc2231 gmm-utils mailheader gnus-win gnus nnheader
org-duration org-eldoc org-w3m org-rmail org-mhe org-irc org-info
org-habit org-gnus gnus-util rmail rmail-loaddefs rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mail-utils org-docview doc-view jka-compr
image-mode dired-x dired dired-loaddefs org-bibtex bibtex org-bbdb
org-agenda org-element avl-tree generator org advice org-macro
org-footnote org-pcomplete org-list org-faces org-entities noutline
outline easy-mmode org-version ob-shell shell pcomplete ob-R ob-python
ob-plantuml ob-org ob-gnuplot ob-ditaa ob-calc calc-store calc-trail
calc-ext calc calc-loaddefs calc-macs ob-awk ob-dot ob-maxima ob-latex
ob-emacs-lisp ob ob-tangle org-src ob-ref ob-lob ob-table ob-keys ob-exp
ob-comint comint ansi-color ring ob-core ob-eval org-compat org-macs
org-loaddefs format-spec find-func bbdb-anniv diary-lib diary-loaddefs
cal-menu calendar cal-loaddefs bbdb-com crm mailabbrev bbdb bbdb-site
timezone bbdb-loaddefs finder-inf tex-site info package epg-config
url-handlers url-parse auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache url-vars ido seq byte-opt gv bytecomp
byte-compile cconv edmacro kmacro recentf tree-widget wid-edit easymenu
battery time wheatgrass-theme paren savehist saveplace elec-pair desktop
frameset cl-loaddefs cl-lib delsel cua-base cus-start cus-load time-date
mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list replace newcomment
text-mode elisp-mode lisp-mode prog-mode register page menu-bar
rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core term/tty-colors frame cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)
Memory information:
((conses 16 689215 96669)
(symbols 48 110300 3)
(miscs 40 23503 3850)
(strings 32 205188 8309)
(string-bytes 1 6888177)
(vectors 16 58257)
(vector-slots 8 1051566 26908)
(floats 8 519 825)
(intervals 56 30691 0)
(buffers 992 109))
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 25 Sep 2017 15:23:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 28597 <at> debbugs.gnu.org (full text, mbox):
>>>>> "NJ" == N Jackson <nljlistbox2 <at> gmail.com> writes:
NJ> Configure issues the following warning:
NJ> configure: WARNING: This configuration installs a 'movemail' program
NJ> that retrieves POP3 email via only insecure channels.
NJ> To omit insecure POP3, you can use './configure --without-pop'.
NJ> If the warning is true, then --without-pop should be the default, and
NJ> users should have to explicitly request an insecure Emacs with --with-pop.
You are requesting a change in behavior that is exceedingly old, so I would
like to hear from others what they think about making a change like this.
Given how much less of a thing POP is becoming over the years, I'd be in favor
of changing the default here.
--
John Wiegley GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com 60E1 46C4 BD1A 7AC1 4BA2
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 26 Sep 2017 09:14:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 28597 <at> debbugs.gnu.org (full text, mbox):
John Wiegley <jwiegley <at> gmail.com> writes:
>>>>>> "NJ" == N Jackson <nljlistbox2 <at> gmail.com> writes:
>
> NJ> Configure issues the following warning:
> NJ> configure: WARNING: This configuration installs a 'movemail' program
> NJ> that retrieves POP3 email via only insecure channels.
> NJ> To omit insecure POP3, you can use './configure --without-pop'.
>
> NJ> If the warning is true, then --without-pop should be the default, and
> NJ> users should have to explicitly request an insecure Emacs with --with-pop.
>
> You are requesting a change in behavior that is exceedingly old, so I would
> like to hear from others what they think about making a change like this.
> Given how much less of a thing POP is becoming over the years, I'd be in favor
> of changing the default here.
I'm sure there are still people stuck with using POP3, but they should
be gently incited to move to POP3S or IMAPS the same way people should
be steered away from http and TLS < 1.2. Making the default be
--without-pop is one way to do that.
Regards
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 26 Sep 2017 15:40:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 28597 <at> debbugs.gnu.org (full text, mbox):
See previous discussion in https://debbugs.gnu.org/26102
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 26 Sep 2017 17:23:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 28597 <at> debbugs.gnu.org (full text, mbox):
As Glenn noted, the 'configure' message N. mentions came from an uneasy
compromise between worry about the default lack-of-security in Emacs,
and worry about backward compatibility (see Bug#26102). Although I favor
making --without-pop the default, at this point it's really an issue for
the two maintainers to decide.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 26 Sep 2017 18:55:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 28597 <at> debbugs.gnu.org (full text, mbox):
>>>>> Paul Eggert <eggert <at> cs.ucla.edu> writes:
> As Glenn noted, the 'configure' message N. mentions came from an uneasy
> compromise between worry about the default lack-of-security in Emacs, and
> worry about backward compatibility (see Bug#26102). Although I favor making
> --without-pop the default, at this point it's really an issue for the two
> maintainers to decide.
I'm OK making it the default. Let's wait until Eli's back from his trip and he
can add his thoughts.
--
John Wiegley GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com 60E1 46C4 BD1A 7AC1 4BA2
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 13:15:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: John Wiegley <jwiegley <at> gmail.com>
> Date: Tue, 26 Sep 2017 11:51:59 -0700
> Cc: "N. Jackson" <nljlistbox2 <at> gmail.com>, 28597 <at> debbugs.gnu.org
>
> >>>>> Paul Eggert <eggert <at> cs.ucla.edu> writes:
>
> > As Glenn noted, the 'configure' message N. mentions came from an uneasy
> > compromise between worry about the default lack-of-security in Emacs, and
> > worry about backward compatibility (see Bug#26102). Although I favor making
> > --without-pop the default, at this point it's really an issue for the two
> > maintainers to decide.
>
> I'm OK making it the default. Let's wait until Eli's back from his trip and he
> can add his thoughts.
I already agreed in
http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html to
have --without-pop be the default, and Paul already installed a patch
to do that. So I'm confused about this discussion: what exactly is
the problem, and what needs to be done/decided? Are we talking about
Posix systems where GNU Mailutils are not available? If so, do we
want to leave them without movemail at all rather than with one which
supports POP3? Or do we want to give them movemail, but without POP3?
IOW, from my POV, most of the issues addressed in the cited bug#26102
were resolved as proposed there many moons ago, and I'm unsure what's
left, and why is it a problem.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 14:06:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 28597 <at> debbugs.gnu.org (full text, mbox):
Eli Zaretskii <eliz <at> gnu.org> writes:
>> From: John Wiegley <jwiegley <at> gmail.com>
>> Date: Tue, 26 Sep 2017 11:51:59 -0700
>> Cc: "N. Jackson" <nljlistbox2 <at> gmail.com>, 28597 <at> debbugs.gnu.org
>>
>> >>>>> Paul Eggert <eggert <at> cs.ucla.edu> writes:
>>
>> > As Glenn noted, the 'configure' message N. mentions came from an uneasy
>> > compromise between worry about the default lack-of-security in Emacs, and
>> > worry about backward compatibility (see Bug#26102). Although I favor making
>> > --without-pop the default, at this point it's really an issue for the two
>> > maintainers to decide.
>>
>> I'm OK making it the default. Let's wait until Eli's back from his trip and he
>> can add his thoughts.
>
> I already agreed in
> http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html to
> have --without-pop be the default, and Paul already installed a patch
> to do that. So I'm confused about this discussion: what exactly is
> the problem, and what needs to be done/decided? Are we talking about
> Posix systems where GNU Mailutils are not available? If so, do we
> want to leave them without movemail at all rather than with one which
> supports POP3? Or do we want to give them movemail, but without POP3?
I thought we were discussing making --without-pop be the default even
if GNU Mailutils are not available, and it's what I'm
advocating. Paul's patch only did that if they were found.
If that means that some people need to install GNU Mailutils, which
support secure(r) protocols, then I'm all in favour.
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 16:08:01 GMT)
Full text and
rfc822 format available.
Message #29 received at 28597 <at> debbugs.gnu.org (full text, mbox):
At 16:14 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
>> >>>>> Paul Eggert <eggert <at> cs.ucla.edu> writes:
>>
>> > As Glenn noted, the 'configure' message N. mentions came from
>> > an uneasy compromise between worry about the default
>> > lack-of-security in Emacs, and worry about backward
>> > compatibility (see Bug#26102). Although I favor making
>> > --without-pop the default, at this point it's really an issue
>> > for the two maintainers to decide.
>
> I already agreed in
> http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html
> to have --without-pop be the default, and Paul already installed
> a patch to do that.
And yet --without-pop does not appear to be the default here on the
emacs-26 branch.
I updated a few minutes ago (commit
61225964edbaa01e49a6e776af00502ab31767b5), and running configure
writes the following to stderr:
configure: WARNING: Your version of Gtk+ will have problems with
closing open displays. This is no problem if you just use
one display, but if you use more than one and close one of them
Emacs may crash.
See http://bugzilla.gnome.org/show_bug.cgi?id=85715
configure: WARNING: This configuration installs a 'movemail' program
that retrieves POP3 email via only insecure channels.
To omit insecure POP3, you can use './configure --without-pop'.
> So I'm confused about this discussion: what exactly is the
> problem, and what needs to be done/decided?
The problem is that --without-pop is not the default, or at least
that it appears that it is not the default. The general agreement
seems to be that it should be the default.
N.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 17:43:01 GMT)
Full text and
rfc822 format available.
Message #32 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: Robert Pluim <rpluim <at> gmail.com>
> Cc: John Wiegley <jwiegley <at> gmail.com>, nljlistbox2 <at> gmail.com, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org
> Date: Fri, 29 Sep 2017 16:05:42 +0200
>
> I thought we were discussing making --without-pop be the default even
> if GNU Mailutils are not available, and it's what I'm
> advocating. Paul's patch only did that if they were found.
If that's what people want, fine with me on Posix platforms, but not
on MS-Windows (where Mailutils are not available, and probably never
will be).
> If that means that some people need to install GNU Mailutils, which
> support secure(r) protocols, then I'm all in favour.
But the effect of encouraging the installation of Mailutils will only
be achieved if the configure script displays something about that.
AFIU, the proposal was to make --without-pop the default and not
display any message, in which case people just get movemail without
POP3, and we might be silently breaking someone's setup. Do we want
that?
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 17:54:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: nljlistbox2 <at> gmail.com (N. Jackson)
> Cc: John Wiegley <jwiegley <at> gmail.com>, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org
> Date: Fri, 29 Sep 2017 12:07:14 -0400
>
> > I already agreed in
> > http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html
> > to have --without-pop be the default, and Paul already installed
> > a patch to do that.
>
> And yet --without-pop does not appear to be the default here on the
> emacs-26 branch.
Do you have Mailutils installed? That default is activated only if
you do.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 18:15:02 GMT)
Full text and
rfc822 format available.
Message #38 received at 28597 <at> debbugs.gnu.org (full text, mbox):
At 20:53 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
> Do you have Mailutils installed?
No, I don't. (Sadly it is unavailable from the Fedora repositories
and I have never had a reason to build it myself.)
[I have a local IMAP server and I retrieve my mail into it
variously with fetchmail and getmail, so I never use pop in
Emacs.]
> That default is activated only if you do.
I see.
I don't think that makes sense, does it? There's nothing terribly
odd about my system and if the warning message from config is
true, then _by default_ I'm going to get built an insecure Emacs.
I think that --without-pop should be the default. Unconditionally.
N.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 19:13:02 GMT)
Full text and
rfc822 format available.
Message #41 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: nljlistbox2 <at> gmail.com (N. Jackson)
> Cc: jwiegley <at> gmail.com, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org
> Date: Fri, 29 Sep 2017 14:14:29 -0400
>
> > That default is activated only if you do [have Mailutils].
>
> I see.
>
> I don't think that makes sense, does it?
I hope it does, as this is what I asked for at the time, for reasons
that did make sense to me.
> There's nothing terribly odd about my system and if the warning
> message from config is true, then _by default_ I'm going to get
> built an insecure Emacs.
Only if you use POP3 to fetch your mail. Which I presume you don't;
if you did; building --without-pop by default would have left you with
no way of getting your email into Emacs.
> I think that --without-pop should be the default. Unconditionally.
We should think about all of our users when we make such decisions. I
myself don't use unencrypted POP3 either, but I'm worried about the
effect this change could have on someone who does.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Fri, 29 Sep 2017 20:05:02 GMT)
Full text and
rfc822 format available.
Message #44 received at 28597 <at> debbugs.gnu.org (full text, mbox):
Eli Zaretskii <eliz <at> gnu.org> writes:
>> From: Robert Pluim <rpluim <at> gmail.com>
>> Cc: John Wiegley <jwiegley <at> gmail.com>, nljlistbox2 <at> gmail.com, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org
>> Date: Fri, 29 Sep 2017 16:05:42 +0200
>>
>> I thought we were discussing making --without-pop be the default even
>> if GNU Mailutils are not available, and it's what I'm
>> advocating. Paul's patch only did that if they were found.
>
> If that's what people want, fine with me on Posix platforms, but not
> on MS-Windows (where Mailutils are not available, and probably never
> will be).
>
I'll defer to you on MS-Windows affairs :-)
>> If that means that some people need to install GNU Mailutils, which
>> support secure(r) protocols, then I'm all in favour.
>
> But the effect of encouraging the installation of Mailutils will only
> be achieved if the configure script displays something about that.
> AFIU, the proposal was to make --without-pop the default and not
> display any message, in which case people just get movemail without
> POP3, and we might be silently breaking someone's setup. Do we want
> that?
No, we don't. I'll see if I can come up with some verbiage over the
weekend, once I reconfigure my brain to (re-)understand autoconf
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 16:30:02 GMT)
Full text and
rfc822 format available.
Message #47 received at 28597 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Robert Pluim <rpluim <at> gmail.com> writes:
> No, we don't. I'll see if I can come up with some verbiage over the
> weekend, once I reconfigure my brain to (re-)understand autoconf
Apologies for the delay. Autoconf and I don't get on.
The attached patch against emacs-26 results in the following outputs
at the end of the ./configure run. I'm not sure we should suggest
'--without-pop' when that's the new default, but it's probably best to
be explicit.
---begin---
No mailutils installed, ./configure:
configure: WARNING: This configuration installs a 'movemail' program
that does not support POP3 mail retrieval at all due to lack of
support for secure channels.
You might want to install GNU Mailutils
<http://mailutils.org>
You can use './configure --with-pop',
but this is not recommended.
No mailutils installed, ./configure --with-pop:
configure: WARNING: This configuration installs a 'movemail' program
that retrieves POP3 email via only insecure channels.
To omit insecure POP3, you can use './configure --without-pop'.
With mailutils installed, ./configure --without-mailutils:
configure: WARNING: This configuration installs a 'movemail' program
that does not support POP3 mail retrieval at all due to lack of
support for secure channels.
You can use './configure --without-mailutils --with-pop',
but this is not recommended.
With mailutils installed, ./configure --without-mailutils --with-pop:
configure: WARNING: This configuration installs a 'movemail' program
that retrieves POP3 email via only insecure channels.
To omit insecure POP3, you can use './configure --without-pop'.
With mailutils installed, ./configure --with-pop:
# no output
With mailutils installed, ./configure
# no output
---end---
[0001-Default-to-without-pop.patch (text/x-diff, inline)]
From 2002807183af9e1c61ecd36bd04c28a269b7a6b5 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim <at> gmail.com>
Date: Mon, 2 Oct 2017 18:20:58 +0200
Subject: [PATCH] Default to --without-pop
2017-10-02 Robert Pluim <rpluim <at> gmail.com>
* configure.ac (with_pop): Default to off. Warn loudly when
this results in not supporting insecure POP3.
---
configure.ac | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0b0bb5e144..c692c7a532 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,9 +232,11 @@ AC_DEFUN
m4_bpatsubst([with_$1], [[^0-9a-z]], [_])=$with_features])dnl
])dnl
-# FIXME: The default options '--without-mailutils --with-pop' result
+# The options '--without-mailutils --with-pop' result
# in a movemail implementation that supports only unencrypted POP3
-# connections. Encrypted connections should be the default.
+# connections, but we warn about that later. By default we
+# do *not* support unencrypted POP3
+# Encrypted connections should be the default.
AC_ARG_WITH([mailutils],
[AS_HELP_STRING([--with-mailutils],
@@ -251,8 +253,8 @@ AC_DEFUN
fi
AC_SUBST([with_mailutils])
-OPTION_DEFAULT_ON([pop],
- [don't support POP mail retrieval with movemail (--without-pop or
+OPTION_DEFAULT_OFF([pop],
+ [support POP mail retrieval with movemail (--without-pop or
--with-mailutils is recommended, as movemail POP is insecure)])
if test "$with_pop" = yes; then
AC_DEFINE(MAIL_USE_POP)
@@ -5566,23 +5568,28 @@ m4_define
if test ! "$with_mailutils"; then
if test "$with_pop" = yes; then
AC_MSG_WARN([This configuration installs a 'movemail' program
-that retrieves POP3 email via only insecure channels.
-To omit insecure POP3, you can use '$0 --without-pop'.])
- fi
-
+ that retrieves POP3 email via only insecure channels.
+ To omit insecure POP3, you can use '$0 --without-pop'.])
+ else
case $opsys in
mingw32)
# Don't suggest GNU Mailutils, as it hasn't been ported.
;;
*)
- emacs_fix_movemail="use '$0 --with-mailutils'"
+ emacs_use_pop="You can use '$0 ${emacs_config_options} --with-pop',
+ but this is not recommended."
case `(movemail --version) 2>/dev/null` in
- *Mailutils*) ;;
- *) emacs_fix_movemail="install GNU Mailutils
-<http://mailutils.org> and $emacs_fix_movemail";;
+ *Mailutils*) emacs_fix_suggestion="$emacs_use_pop";;
+ *) emacs_fix_suggestion="You might want to install GNU Mailutils
+ <http://mailutils.org>
+ $emacs_use_pop";;
esac
- AC_MSG_NOTICE([You might want to $emacs_fix_movemail.]);;
+ AC_MSG_WARN([This configuration installs a 'movemail' program
+ that does not support POP3 mail retrieval at all due to lack of
+ support for secure channels.
+ $emacs_fix_suggestion]);;
esac
+ fi
fi
test "$MAKE" = make || AC_MSG_NOTICE([Now you can run '$MAKE'.])
--
2.14.2.642.g20fed7cad
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 17:23:01 GMT)
Full text and
rfc822 format available.
Message #50 received at 28597 <at> debbugs.gnu.org (full text, mbox):
At 22:11 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
>> From: nljlistbox2 <at> gmail.com (N. Jackson)
>> Date: Fri, 29 Sep 2017 14:14:29 -0400
>>
>> I don't think that makes sense, does it?
>
> I hope it does, as this is what I asked for at the time, for
> reasons that did make sense to me.
Indeed. You considered broader factors than I was aware of
previously.
>> There's nothing terribly odd about my system and if the warning
>> message from config is true, then _by default_ I'm going to get
>> built an insecure Emacs.
>
> Only if you use POP3 to fetch your mail.
This raised a question in my mind (which has probably already
been considered and dealt with). When a user has an Emacs that's
configured to use an insecure movemail for POP3, when they issue a
command in Emacs that invokes it, do they get a warning from
Emacs?
Given that many users don't build their own Emacs, they'll not see
a warning from configure, so it would seem sensible for them to be
warned at run time. (Given that they won't want to be plagued with
a warning every time they check their mail, I'm thinking of a
warning that appears when a relevant command it used for the first
time, similar to the way disabled commands work.)
N.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 17:34:01 GMT)
Full text and
rfc822 format available.
Message #53 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: nljlistbox2 <at> gmail.com (N. Jackson)
> Cc: jwiegley <at> gmail.com, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org, Robert Pluim <rpluim <at> gmail.com>
> Date: Mon, 02 Oct 2017 13:22:01 -0400
>
> >> There's nothing terribly odd about my system and if the warning
> >> message from config is true, then _by default_ I'm going to get
> >> built an insecure Emacs.
> >
> > Only if you use POP3 to fetch your mail.
>
> This raised a question in my mind (which has probably already
> been considered and dealt with). When a user has an Emacs that's
> configured to use an insecure movemail for POP3, when they issue a
> command in Emacs that invokes it, do they get a warning from
> Emacs?
No, they don't. But POP3 is not something movemail will silently use
by itself, the user needs to specify a POP3 "url", referencing the
server and the user's id (and possibly a password as well) for it to
do so. So the user who does that _knows_ they use POP3. IOW, a
deliberate user action is needed for POP3 to be used.
> Given that many users don't build their own Emacs, they'll not see
> a warning from configure, so it would seem sensible for them to be
> warned at run time. (Given that they won't want to be plagued with
> a warning every time they check their mail, I'm thinking of a
> warning that appears when a relevant command it used for the first
> time, similar to the way disabled commands work.)
We also don't warn them when they use HTTP or FTP from Emacs, on the
assumption that users know what they are doing. There's a limit to
our ability to nag users in order to save them from themselves. At
some point, we need to start treating them as responsible adults, IMO.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 18:01:02 GMT)
Full text and
rfc822 format available.
Message #56 received at 28597 <at> debbugs.gnu.org (full text, mbox):
On 10/02/2017 10:32 AM, Eli Zaretskii wrote:
> POP3 is not something movemail will silently use
> by itself, the user needs to specify a POP3 "url", referencing the
> server and the user's id (and possibly a password as well) for it to
> do so. So the user who does that_knows_ they use POP3.
I'm dubious. These days, email clients often use some sort of secure
connection by default even if you just ask for POP. For example,
Thunderbird's mail account setup defaults to IMAP, but if you specify
POP3 it then defaults to autodetecting SSL/TLS or STARTTLS; you must
explicitly override the default (or specify a server that does not
support encryption) to get an unencrypted connection.
Users accustomed to other email clients are likely to expect that Emacs
"pop:whatever" will do something similar.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 18:01:02 GMT)
Full text and
rfc822 format available.
Message #59 received at 28597 <at> debbugs.gnu.org (full text, mbox):
On 10/02/2017 10:22 AM, N. Jackson wrote:
> When a user has an Emacs that's
> configured to use an insecure movemail for POP3, when they issue a
> command in Emacs that invokes it, do they get a warning from
> Emacs?
We discussed options for warning at some length (sorry, don't remember
where; perhaps Gnus-related?), with the idea of putting a flag in the
mode line or something like that. I don't recall what happened (if
anything).
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 18:24:01 GMT)
Full text and
rfc822 format available.
Message #62 received at 28597 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Thanks for working on this. However, Eli asked for --with-pop to remain
the default on native MS-Windows. Also, I found the newly-added warnings
confusing (though admittedly everything is confusing here :-).
How about the attached patch instead? It does not change the
configure-time warnings. It merely changes the default, so that
--without-pop is now the default on platforms other than native MS-Windows.
[0001-with-pop-is-now-the-default-only-on-MS-Windows.patch (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 18:49:02 GMT)
Full text and
rfc822 format available.
Message #65 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> Cc: jwiegley <at> gmail.com, 28597 <at> debbugs.gnu.org, rpluim <at> gmail.com
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> Date: Mon, 2 Oct 2017 11:00:47 -0700
>
> Users accustomed to other email clients are likely to expect that Emacs
> "pop:whatever" will do something similar.
I'm dubious. And I don't see how setting up other MUA is of any use
here, because we also use an encrypted POP3 connection
_if_it's_available_, e.g. via Mailutils, Gnus, etc.
But nagging users each time they invoke movemail to fetch via POP3 is
IMO unacceptable. I'm sick and tired of similar nagging from Firefox,
and I definitely will object that Emacs behaves the same. We
shouldn't patronize our users to that degree. Let the Emacs packagers
worry about making their distributions more secure e,g, by depending
on Mailutils.
Anyway, I think we've cut enough slices of this salami, so let's stop,
and let's leave those who want to use POP3 nonetheless to their
devices.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 02 Oct 2017 23:21:01 GMT)
Full text and
rfc822 format available.
Message #68 received at 28597 <at> debbugs.gnu.org (full text, mbox):
On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
> nagging users each time they invoke movemail to fetch via POP3 is
> IMO unacceptable.
Yes, that suggestion is problematic. But that (older) discussion is
somewhat independent of the current thread, which is about builders and
installers more than it is about users.
> we also use an encrypted POP3 connection
> _if_it's_available_, e.g. via Mailutils, Gnus, etc.
The concern here is about RMAIL, which currently uses Emacs movemail in
the all-too-common case where Mailutils is not installed. In emacs-26
the relevant section of the Emacs manual (doc/emacs/rmail.texi) says for
the pop: protocol: "If the server supports it, ‘movemail’ tries to use
an encrypted connection—use the ‘pops’ form to require one." This
documents 'pop:' as meaning "encrypt if the server supports encryption,
otherwise fall back on unencrypted", which is a natural expectation for
users nowadays and is how Thunderbird works by default; but it's not how
RMAIL works with Emacs movemail and 'pop:', as these connections are
always unencrypted.
> I think we've cut enough slices of this salami, so let's stop,
Does this mean, stop before installing the patch proposed in
Bug#28597#62, or stop after installing that patch? I hope it means the
latter. That patch attempts to implement your suggestion in
Bug#28597#32, as quoted below:
> > From: Robert Pluim <rpluim <at> gmail.com> ...
> >
> > I thought we were discussing making --without-pop be the default even
> > if GNU Mailutils are not available, and it's what I'm
> > advocating. Paul's patch only did that if they were found.
>
> If that's what people want, fine with me on Posix platforms, but not
> on MS-Windows (where Mailutils are not available, and probably never
> will be).
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 02:30:02 GMT)
Full text and
rfc822 format available.
Message #71 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> Cc: nljlistbox2 <at> gmail.com, jwiegley <at> gmail.com, 28597 <at> debbugs.gnu.org,
> rpluim <at> gmail.com
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> Date: Mon, 2 Oct 2017 16:20:26 -0700
>
> > I think we've cut enough slices of this salami, so let's stop,
>
> Does this mean, stop before installing the patch proposed in
> Bug#28597#62, or stop after installing that patch? I hope it means the
> latter.
The latter, of course.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 08:10:02 GMT)
Full text and
rfc822 format available.
Message #74 received at 28597 <at> debbugs.gnu.org (full text, mbox):
Paul Eggert <eggert <at> cs.ucla.edu> writes:
> Thanks for working on this. However, Eli asked for --with-pop to
> remain the default on native MS-Windows. Also, I found the newly-added
> warnings confusing (though admittedly everything is confusing here
> :-).
You're right, I thought he was talking only about the Mailutils
recommendation, but I misread.
> How about the attached patch instead? It does not change the
> configure-time warnings. It merely changes the default, so that
> --without-pop is now the default on platforms other than native
> MS-Windows.
Eli wanted to avoid silently changing the default, which is why I
worked on creating confusing warnings :-)
I'm not wedded to the form, but I think configure should output
*something* to warn people about the change in behaviour. Or we go
full radical and disable building our own mailutils on non MS-Windows,
thus simplifying this mess greatly (we'd have to warn a bit more
loudly if GNU Mailutils aren't installed, though)
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 14:30:02 GMT)
Full text and
rfc822 format available.
Message #77 received at 28597 <at> debbugs.gnu.org (full text, mbox):
At 16:20 -0700 on Monday 2017-10-02, Paul Eggert wrote:
>
> On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
>
>> nagging users each time they invoke movemail to fetch via POP3
>> is IMO unacceptable.
>
> Yes, that suggestion is problematic.
Just for the record, I explicitly stated in my suggestion to warm
the user (rather than just the builder) that Emacs should _not_ nag
the user every time.
I was thinking of disabling the commands in question in the case
that they will be insecure and prompting along the lines of:
You have typed abc, invoking disabled command xyz.
Beware: This command retrieves POP3 email via only insecure
channels. See [reference to relevant documentation] for more
information.
Do you want to use this command anyway?
You can now type
y to try it and enable it (no questions if you use it again).
n to cancel--don't try the command, and it remains disabled.
SPC to try the command just this once, but leave it disabled.
! to try it, and enable all disabled commands for this session only.
This informs the user but only does so once (if they don't want to
be told again); after that they need not see the warning ever
again. Telling someone something once really cannot be described
as "nagging".
N.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 14:36:02 GMT)
Full text and
rfc822 format available.
Message #80 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: Robert Pluim <rpluim <at> gmail.com>
> Cc: Eli Zaretskii <eliz <at> gnu.org>, jwiegley <at> gmail.com, 28597 <at> debbugs.gnu.org, nljlistbox2 <at> gmail.com
> Date: Tue, 03 Oct 2017 10:09:15 +0200
>
> I'm not wedded to the form, but I think configure should output
> *something* to warn people about the change in behaviour. Or we go
> full radical and disable building our own mailutils on non MS-Windows,
> thus simplifying this mess greatly (we'd have to warn a bit more
> loudly if GNU Mailutils aren't installed, though)
Not building movemail if Mailutils are not installed is too harsh,
because movemail supports methods other than POP3.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 14:57:01 GMT)
Full text and
rfc822 format available.
Message #83 received at 28597 <at> debbugs.gnu.org (full text, mbox):
nljlistbox2 <at> gmail.com (N. Jackson) writes:
> At 16:20 -0700 on Monday 2017-10-02, Paul Eggert wrote:
>>
>> On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
>>
>>> nagging users each time they invoke movemail to fetch via POP3
>>> is IMO unacceptable.
>>
>> Yes, that suggestion is problematic.
>
> Just for the record, I explicitly stated in my suggestion to warm
> the user (rather than just the builder) that Emacs should _not_ nag
> the user every time.
>
> I was thinking of disabling the commands in question in the case
> that they will be insecure and prompting along the lines of:
>
> You have typed abc, invoking disabled command xyz.
>
Except that there's not a single specific command that retrieves mail
via POP3, it's wired into the guts of rmail, and I'd rather not touch
that.
This is all starting to sound like overkill compared to simply warning
the builder, especially since people who package emacs can easily add
GNU Mailutils as a dependency, and people who build their own emacs
should read and react to the warning messages that I proposed earlier.
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 15:04:02 GMT)
Full text and
rfc822 format available.
Message #86 received at 28597 <at> debbugs.gnu.org (full text, mbox):
Eli Zaretskii <eliz <at> gnu.org> writes:
>> From: Robert Pluim <rpluim <at> gmail.com>
>> Cc: Eli Zaretskii <eliz <at> gnu.org>, jwiegley <at> gmail.com, 28597 <at> debbugs.gnu.org, nljlistbox2 <at> gmail.com
>> Date: Tue, 03 Oct 2017 10:09:15 +0200
>>
>> I'm not wedded to the form, but I think configure should output
>> *something* to warn people about the change in behaviour. Or we go
>> full radical and disable building our own mailutils on non MS-Windows,
>> thus simplifying this mess greatly (we'd have to warn a bit more
>> loudly if GNU Mailutils aren't installed, though)
>
> Not building movemail if Mailutils are not installed is too harsh,
> because movemail supports methods other than POP3.
Does GNU Mailutils not support those same methods? I'm assuming it's
also maintained more than our movemail.
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 15:43:01 GMT)
Full text and
rfc822 format available.
Message #89 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: Robert Pluim <rpluim <at> gmail.com>
> Cc: jwiegley <at> gmail.com, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org, nljlistbox2 <at> gmail.com
> Gmane-Reply-To-List: yes
> Date: Tue, 03 Oct 2017 17:03:48 +0200
>
> > Not building movemail if Mailutils are not installed is too harsh,
> > because movemail supports methods other than POP3.
>
> Does GNU Mailutils not support those same methods?
It does, but I was talking about the case where Mailutils is NOT
installed. If you don't build movemail in that case, you leave users
unable to fetch mail even if they don't use POP3.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 15:45:01 GMT)
Full text and
rfc822 format available.
Message #92 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: nljlistbox2 <at> gmail.com (N. Jackson)
> Cc: Eli Zaretskii <eliz <at> gnu.org>, jwiegley <at> gmail.com, 28597 <at> debbugs.gnu.org, rpluim <at> gmail.com
> Date: Tue, 03 Oct 2017 10:29:16 -0400
>
> I was thinking of disabling the commands in question in the case
> that they will be insecure and prompting along the lines of:
>
> You have typed abc, invoking disabled command xyz.
>
> Beware: This command retrieves POP3 email via only insecure
> channels. See [reference to relevant documentation] for more
> information.
>
> Do you want to use this command anyway?
>
> You can now type
> y to try it and enable it (no questions if you use it again).
> n to cancel--don't try the command, and it remains disabled.
> SPC to try the command just this once, but leave it disabled.
> ! to try it, and enable all disabled commands for this session only.
>
> This informs the user but only does so once (if they don't want to
> be told again); after that they need not see the warning ever
> again. Telling someone something once really cannot be described
> as "nagging".
I don't see how can we do such a thing, since movemail is a
command-line utility written in C, not a Lisp program. People can
(and some do) invoke movemail from the shell prompt.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Tue, 03 Oct 2017 22:48:02 GMT)
Full text and
rfc822 format available.
Message #95 received at 28597 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 10/03/2017 01:09 AM, Robert Pluim wrote:
> I think configure should output
> *something* to warn people about the change in behaviour.
That's easy and harmless enough, so I installed the attached into
emacs-26, after installing the patch I previously mentioned in this thread.
[0001-Warn-if-without-pop-is-now-the-default.patch (text/x-patch, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Wed, 04 Oct 2017 07:15:02 GMT)
Full text and
rfc822 format available.
Message #98 received at 28597 <at> debbugs.gnu.org (full text, mbox):
Paul Eggert <eggert <at> cs.ucla.edu> writes:
> On 10/03/2017 01:09 AM, Robert Pluim wrote:
>> I think configure should output
>> *something* to warn people about the change in behaviour.
>
> That's easy and harmless enough, so I installed the attached into
> emacs-26, after installing the patch I previously mentioned in this
> thread.
I have some minor thoughts about the wording of the warning, but
nothing worth another commit. Looks good to me.
Robert
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#28597; Package
emacs.
(Mon, 16 Oct 2017 02:35:01 GMT)
Full text and
rfc822 format available.
Message #101 received at 28597 <at> debbugs.gnu.org (full text, mbox):
close 28597
quit
Robert Pluim <rpluim <at> gmail.com> writes:
> Paul Eggert <eggert <at> cs.ucla.edu> writes:
>
>> On 10/03/2017 01:09 AM, Robert Pluim wrote:
>>> I think configure should output
>>> *something* to warn people about the change in behaviour.
>>
>> That's easy and harmless enough, so I installed the attached into
>> emacs-26, after installing the patch I previously mentioned in this
>> thread.
>
> I have some minor thoughts about the wording of the warning, but
> nothing worth another commit. Looks good to me.
I guess there's nothing more to do here, closing.
bug closed, send any further explanations to
28597 <at> debbugs.gnu.org and nljlistbox2 <at> gmail.com (N. Jackson)
Request was from
Noam Postavsky <npostavs <at> users.sourceforge.net>
to
control <at> debbugs.gnu.org.
(Mon, 16 Oct 2017 02:35:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 13 Nov 2017 12:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 223 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.