GNU bug report logs - #9113
24.0.50; auth-sources: .authinfo versus .authinfo.gpg

Previous Next

Package: emacs;

Reported by: "Roland Winkler" <winkler <at> gnu.org>

Date: Mon, 18 Jul 2011 03:09:01 UTC

Severity: normal

Found in version 24.0.50

Full log

Message #53 received at 9113 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Achim Gratz <Stromeko <at> nexgo.de>
Cc: 9113 <at> debbugs.gnu.org, Stefan Monnier <monnier <at> IRO.UMontreal.CA>,
	Roland Winkler <winkler <at> gnu.org>
Subject: Re: bug#9113: 24.0.50;
	auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
	auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
	auth-sources: .authinfo versus .authinfo.gpg
Date: Mon, 30 Jan 2012 17:33:47 +0100

Ted Zlatanov <tzz <at> lifelogs.com> writes:

> The encryption doesn't have to be strong.  It could use a well-known
> secret that the user can override, rather than an actual passphrase, and
> then no questions will be asked.

Sure.  This is what Firefox (etc.) does, and (most) people seem to be
satisfied with that.  On the other hand, this is just obscuring the
passwords, so the difference between this and, say,

machine smtp.gmail.com user foo password base64:c2VjcmV0

isn't huge.  (I mean, it is a real difference, but I'm not quite sure
whether it's a difference with a distinction.  :-)

So perhaps auth-source should just base64-encode password tokens by
default for Emacs 24.1?  That would give the users less of an "EEK"
feeling if they're looking at this file, and somebody is looking over
their shoulders...

-- 
(domestic pets only, the antidote for overdose, milk.)
  http://lars.ingebrigtsen.no  *  Sent from my Rome
This bug report was last modified 13 years and 123 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.