GNU bug report logs -
#28597
26.0.60; [Security] Configure should use --without-pop by default
Previous Next
Reported by: nljlistbox2 <at> gmail.com (N. Jackson)
Date: Mon, 25 Sep 2017 15:12:01 UTC
Severity: normal
Found in version 26.0.60
Done: Noam Postavsky <npostavs <at> users.sourceforge.net>
Bug is archived. No further changes may be made.
Full log
Message #92 received at 28597 <at> debbugs.gnu.org (full text, mbox):
> From: nljlistbox2 <at> gmail.com (N. Jackson)
> Cc: Eli Zaretskii <eliz <at> gnu.org>, jwiegley <at> gmail.com, 28597 <at> debbugs.gnu.org, rpluim <at> gmail.com
> Date: Tue, 03 Oct 2017 10:29:16 -0400
>
> I was thinking of disabling the commands in question in the case
> that they will be insecure and prompting along the lines of:
>
> You have typed abc, invoking disabled command xyz.
>
> Beware: This command retrieves POP3 email via only insecure
> channels. See [reference to relevant documentation] for more
> information.
>
> Do you want to use this command anyway?
>
> You can now type
> y to try it and enable it (no questions if you use it again).
> n to cancel--don't try the command, and it remains disabled.
> SPC to try the command just this once, but leave it disabled.
> ! to try it, and enable all disabled commands for this session only.
>
> This informs the user but only does so once (if they don't want to
> be told again); after that they need not see the warning ever
> again. Telling someone something once really cannot be described
> as "nagging".
I don't see how can we do such a thing, since movemail is a
command-line utility written in C, not a Lisp program. People can
(and some do) invoke movemail from the shell prompt.
This bug report was last modified 7 years and 223 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.