GNU bug report logs -
#28597
26.0.60; [Security] Configure should use --without-pop by default
Previous Next
Reported by: nljlistbox2 <at> gmail.com (N. Jackson)
Date: Mon, 25 Sep 2017 15:12:01 UTC
Severity: normal
Found in version 26.0.60
Done: Noam Postavsky <npostavs <at> users.sourceforge.net>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
John Wiegley <jwiegley <at> gmail.com> writes:
>>>>>> "NJ" == N Jackson <nljlistbox2 <at> gmail.com> writes:
>
> NJ> Configure issues the following warning:
> NJ> configure: WARNING: This configuration installs a 'movemail' program
> NJ> that retrieves POP3 email via only insecure channels.
> NJ> To omit insecure POP3, you can use './configure --without-pop'.
>
> NJ> If the warning is true, then --without-pop should be the default, and
> NJ> users should have to explicitly request an insecure Emacs with --with-pop.
>
> You are requesting a change in behavior that is exceedingly old, so I would
> like to hear from others what they think about making a change like this.
> Given how much less of a thing POP is becoming over the years, I'd be in favor
> of changing the default here.
I'm sure there are still people stuck with using POP3, but they should
be gently incited to move to POP3S or IMAPS the same way people should
be steered away from http and TLS < 1.2. Making the default be
--without-pop is one way to do that.
Regards
Robert
This bug report was last modified 7 years and 223 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.