GNU bug report logs - #9113
24.0.50; auth-sources: .authinfo versus .authinfo.gpg

Package: emacs;

Reported by: "Roland Winkler" <winkler <at> gnu.org>

Date: Mon, 18 Jul 2011 03:09:01 UTC

Severity: normal

Found in version 24.0.50

Message #8 received at 9113 <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Roland Winkler <winkler <at> gnu.org>
Cc: 9113 <at> debbugs.gnu.org
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Wed, 25 Jan 2012 14:18:21 -0600

On Sun, 17 Jul 2011 22:08:22 -0500 "Roland Winkler" <winkler <at> gnu.org> wrote: 

RW> If an authinfo file does not exists and the user has not customized
RW> anything, something like smtpmail will create a new file .authinfo
RW> with the appropriate entry.

RW> I suggest that instead the code should try first to generate a file
RW> .authinfo.gpg and if this fails it should warn the user that Emacs
RW> is going to create a file .authinfo, which can be very unsafe.

RW> In this context, the doc string of auth-sources is, unfortunately,
RW> not too helpful:

RW>   See the auth.info manual for details.
RW>   [snip]
RW>   It's best to customize this with `M-x customize-variable' because
RW>   the choices can get pretty complex."

RW> The default value of auth-sources should be such that the user is,
RW> at least, on the safe side.

The Emacs maintainers asked me to make the default unencrypted.  I don't
think they will change their position.

Ted

This bug report was last modified 13 years and 123 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #9113 24.0.50; auth-sources: .authinfo versus .authinfo.gpg

GNU bug report logs - #9113
24.0.50; auth-sources: .authinfo versus .authinfo.gpg