GNU bug report logs - #28597
26.0.60; [Security] Configure should use --without-pop by default

Previous Next

Package: emacs;

Reported by: nljlistbox2 <at> gmail.com (N. Jackson)

Date: Mon, 25 Sep 2017 15:12:01 UTC

Severity: normal

Found in version 26.0.60

Done: Noam Postavsky <npostavs <at> users.sourceforge.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Eli Zaretskii <eliz <at> gnu.org>, "N. Jackson" <nljlistbox2 <at> gmail.com>
Cc: jwiegley <at> gmail.com, rpluim <at> gmail.com, 28597 <at> debbugs.gnu.org
Subject: bug#28597: 26.0.60; [Security] Configure should use --without-pop by default
Date: Mon, 2 Oct 2017 11:00:47 -0700

On 10/02/2017 10:32 AM, Eli Zaretskii wrote:
> POP3 is not something movemail will silently use
> by itself, the user needs to specify a POP3 "url", referencing the
> server and the user's id (and possibly a password as well) for it to
> do so.  So the user who does that_knows_  they use POP3.

I'm dubious. These days, email clients often use some sort of secure 
connection by default even if you just ask for POP. For example, 
Thunderbird's mail account setup defaults to IMAP, but if you specify 
POP3 it then defaults to autodetecting SSL/TLS or STARTTLS; you must 
explicitly override the default (or specify a server that does not 
support encryption) to get an unencrypted connection.

Users accustomed to other email clients are likely to expect that Emacs 
"pop:whatever" will do something similar.
This bug report was last modified 7 years and 223 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.