GNU bug report logs - #28597
26.0.60; [Security] Configure should use --without-pop by default

Previous Next

Package: emacs;

Reported by: nljlistbox2 <at> gmail.com (N. Jackson)

Date: Mon, 25 Sep 2017 15:12:01 UTC

Severity: normal

Found in version 26.0.60

Done: Noam Postavsky <npostavs <at> users.sourceforge.net>

Bug is archived. No further changes may be made.

Full log

Message #41 received at 28597 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: nljlistbox2 <at> gmail.com (N. Jackson)
Cc: jwiegley <at> gmail.com, eggert <at> cs.ucla.edu, 28597 <at> debbugs.gnu.org
Subject: Re: bug#28597: 26.0.60;
 [Security] Configure should use --without-pop by default
Date: Fri, 29 Sep 2017 22:11:44 +0300

> From: nljlistbox2 <at> gmail.com (N. Jackson)
> Cc: jwiegley <at> gmail.com,  eggert <at> cs.ucla.edu,  28597 <at> debbugs.gnu.org
> Date: Fri, 29 Sep 2017 14:14:29 -0400
> 
> > That default is activated only if you do [have Mailutils].
> 
> I see.
> 
> I don't think that makes sense, does it?

I hope it does, as this is what I asked for at the time, for reasons
that did make sense to me.

> There's nothing terribly odd about my system and if the warning
> message from config is true, then _by default_ I'm going to get
> built an insecure Emacs.

Only if you use POP3 to fetch your mail.  Which I presume you don't;
if you did; building --without-pop by default would have left you with
no way of getting your email into Emacs.

> I think that --without-pop should be the default. Unconditionally.

We should think about all of our users when we make such decisions.  I
myself don't use unencrypted POP3 either, but I'm worried about the
effect this change could have on someone who does.
This bug report was last modified 7 years and 223 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.