GNU bug report logs - #28597
26.0.60; [Security] Configure should use --without-pop by default

Previous Next

Full log

Message #77 received at 28597 <at> debbugs.gnu.org (full text, mbox):

From: nljlistbox2 <at> gmail.com (N. Jackson)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: jwiegley <at> gmail.com, Eli Zaretskii <eliz <at> gnu.org>, 28597 <at> debbugs.gnu.org,
 rpluim <at> gmail.com
Subject: Re: bug#28597: 26.0.60;
 [Security] Configure should use --without-pop by default
Date: Tue, 03 Oct 2017 10:29:16 -0400

At 16:20 -0700 on Monday 2017-10-02, Paul Eggert wrote:
>
> On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
>
>> nagging users each time they invoke movemail to fetch via POP3
>> is IMO unacceptable.
>
> Yes, that suggestion is problematic.

Just for the record, I explicitly stated in my suggestion to warm
the user (rather than just the builder) that Emacs should _not_ nag
the user every time.

I was thinking of disabling the commands in question in the case
that they will be insecure and prompting along the lines of:

  You have typed abc, invoking disabled command xyz.

  Beware: This command retrieves POP3 email via only insecure
  channels. See [reference to relevant documentation] for more
  information.

  Do you want to use this command anyway?

  You can now type
  y   to try it and enable it (no questions if you use it again).
  n   to cancel--don't try the command, and it remains disabled.
  SPC to try the command just this once, but leave it disabled.
  !   to try it, and enable all disabled commands for this session only.

This informs the user but only does so once (if they don't want to
be told again); after that they need not see the warning ever
again. Telling someone something once really cannot be described
as "nagging".

N.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.