GNU bug report logs - #28597
26.0.60; [Security] Configure should use --without-pop by default


Package: emacs;

Reported by: nljlistbox2 <at> gmail.com (N. Jackson)

Date: Mon, 25 Sep 2017 15:12:01 UTC

Severity: normal

Found in version 26.0.60

Done: Noam Postavsky <npostavs <at> users.sourceforge.net>

Bug is archived. No further changes may be made.



Message #50 received at 28597 <at> debbugs.gnu.org (full text, mbox):

From: nljlistbox2 <at> gmail.com (N. Jackson)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: jwiegley <at> gmail.com, Robert Pluim <rpluim <at> gmail.com>, eggert <at> cs.ucla.edu,
 28597 <at> debbugs.gnu.org
Subject: Re: bug#28597: 26.0.60;
 [Security] Configure should use --without-pop by default
Date: Mon, 02 Oct 2017 13:22:01 -0400

At 22:11 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
>> From: nljlistbox2 <at> gmail.com (N. Jackson)
>> Date: Fri, 29 Sep 2017 14:14:29 -0400
>> 
>> I don't think that makes sense, does it?
>
> I hope it does, as this is what I asked for at the time, for
> reasons that did make sense to me.

Indeed. You considered broader factors than I was aware of
previously.

>> There's nothing terribly odd about my system and if the warning
>> message from config is true, then _by default_ I'm going to get
>> built an insecure Emacs.
>
> Only if you use POP3 to fetch your mail.

This raised a question in my mind (which has probably already
been considered and dealt with). When a user has an Emacs that's
configured to use an insecure movemail for POP3, when they issue a
command in Emacs that invokes it, do they get a warning from
Emacs?

Given that many users don't build their own Emacs, they'll not see
a warning from configure, so it would seem sensible for them to be
warned at run time. (Given that they won't want to be plagued with
a warning every time they check their mail, I'm thinking of a
warning that appears when a relevant command is used for the first
time, similar to the way disabled commands work.)

N.




This bug report was last modified 7 years and 223 days ago.
