GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems

Previous Next

Full log

Message #26 received at 31946 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Jimmy Yuen Ho Wong <wyuenho <at> gmail.com>
Cc: larsi <at> gnus.org, 31946 <at> debbugs.gnu.org, npostavs <at> gmail.com
Subject: Re: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Tue, 26 Jun 2018 17:38:28 +0300

> From: Jimmy Yuen Ho Wong <wyuenho <at> gmail.com>
> Date: Tue, 26 Jun 2018 07:26:20 +0100
> Cc: Lars Ingebrigtsen <larsi <at> gnus.org>, 31946 <at> debbugs.gnu.org
> 
> 1. Forget about defining what tests belongs in what levels, there should just be one level which is the default
> sets of tests, let's call this coarse grain setting.
> 2. Fine grain settings should only allow you to **add** to the default list of checks, so it will be a defcustom of
> an alist (there's prior art of this), let's call this `nsm-additional-checks`
> 3. We can predefine a bunch of check functions that users can add to `nsm-additional-checks` without having
> to write their own.

FWIW, I don't think this will fly with our users: Emacs users don't
like to be second-guessed, nor be told that "Emacs knows better".  And
even if we do go that way, Emacs is not a black box: people will soon
enough discover what we want to conceal, and will do what they want
regardless.

What we can, and probably should, do is prominently document each test
and warn against removing or weakening those which will expose users
to security vulnerabilities.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.