GNU bug report logs -
#7487
24.0.50; Gnus nnimap broken
Previous Next
Reported by: Jason Rumney <jasonr <at> gnu.org>
Date: Fri, 26 Nov 2010 17:06:02 UTC
Severity: normal
Found in version 24.0.50
Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
>>>> that I'm tempted to go back to just storing this data in the plain-text
>>>> ~/.authinfo file until all this has been worked out.
>>> No!!!! Or only after prompting the user five times for
>>> (different) confirmation.
LMI> If you look at other widely used software packages, like Firefox, they
LMI> default to just storing the passwords in an (obfuscated) non-encrypted
LMI> file. I don't think that's such a bad default.
> It's a terrible default IMO. But you knew I'd say that :)
I also find it terrible. Tho it is at least protected by a 3-way prompt
(tho only 1 rather than 5).
LMI> If you want a more complicated credential storage setup, then that
LMI> should be a user option, not a default. At present, the ~/.authinfo.gpg
LMI> credential storage is not something you can present to a normal user and
LMI> expect them to understand at all.
> How about a .sgpg or .spg extension that signals EPA/EPG that only
> symmetric encryption is desired?
I think that will only push the problem elsewhere, which is "which file
name to use: .authinfo.gpg or .authinfo.spg". It seems simpler to just
let the user configure the behavior she wants. By default just use
symmetric encryption.
Stefan
This bug report was last modified 14 years and 165 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.