bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[N. Jackson]

Configure issues the following warning:

  configure: WARNING: This configuration installs a 'movemail' program
  that retrieves POP3 email via only insecure channels.
  To omit insecure POP3, you can use './configure --without-pop'.

If the warning is true, then --without-pop should be the default,
and users should have to explicitly request an insecure Emacs with
--with-pop.

N.


In GNU Emacs 26.0.60 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.22.17)
 of 2017-09-24 built on moondust.localdomain
Repository revision: d93301242f38d3d9aaa55899c07496f0bdecf391
Windowing system distributor 'Fedora Project', version 11.0.11903000
System Description:	Fedora release 25 (Twenty Five)

Recent messages:
Saving file /home/nlj/.emacs.d/url/cookies...
Wrote /home/nlj/.emacs.d/url/cookies
Auto-saving...done
Mark set
Sending...
Mark set [2 times]
Sending via mail...
Sending email 
Sending email done
Sending...done

Configured using:
 'configure --without-pop 'CFLAGS=-O2 -g3 -gdwarf-4''

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND DBUS GSETTINGS NOTIFY ACL
LIBSELINUX GNUTLS LIBXML2 FREETYPE LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS
GTK3 X11 LCMS2

Important settings:
  value of $LANG: en_CA.UTF-8
  value of $XMODIFIERS: @im=none
  locale-coding-system: utf-8-unix

Major mode: Text

Minor modes in effect:
  csv-field-index-mode: t
  TeX-PDF-mode: t
  diff-auto-refine-mode: t
  flyspell-mode: t
  pdf-occur-global-minor-mode: t
  shell-dirtrack-mode: t
  recentf-mode: t
  display-battery-mode: t
  display-time-mode: t
  show-paren-mode: t
  savehist-mode: t
  save-place-mode: t
  electric-pair-mode: t
  desktop-save-mode: t
  cl-old-struct-compat-mode: t
  delete-selection-mode: t
  cua-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  temp-buffer-resize-mode: t
  size-indication-mode: t
  column-number-mode: t
  line-number-mode: t
  global-visual-line-mode: t
  visual-line-mode: t
  transient-mark-mode: t

Load-path shadows:
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-contacts hides ~/.emacs.d/modules/org-contacts
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-habit hides /data/projects/vc/emacs/git/emacs/lisp/org/org-habit
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-python hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-python
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-clojure hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-clojure
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-md hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-md
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-macs hides /data/projects/vc/emacs/git/emacs/lisp/org/org-macs
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-groovy hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-groovy
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-odt hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-odt
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-texinfo hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-texinfo
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-protocol hides /data/projects/vc/emacs/git/emacs/lisp/org/org-protocol
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-io hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-io
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-list hides /data/projects/vc/emacs/git/emacs/lisp/org/org-list
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-scheme hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-scheme
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob hides /data/projects/vc/emacs/git/emacs/lisp/org/ob
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-docview hides /data/projects/vc/emacs/git/emacs/lisp/org/org-docview
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-latex hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-latex
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-html hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-html
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-ctags hides /data/projects/vc/emacs/git/emacs/lisp/org/org-ctags
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-src hides /data/projects/vc/emacs/git/emacs/lisp/org/org-src
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-octave hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-octave
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-w3m hides /data/projects/vc/emacs/git/emacs/lisp/org/org-w3m
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-bibtex hides /data/projects/vc/emacs/git/emacs/lisp/org/org-bibtex
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-eww hides /data/projects/vc/emacs/git/emacs/lisp/org/org-eww
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-info hides /data/projects/vc/emacs/git/emacs/lisp/org/org-info
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-processing hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-processing
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-beamer hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-beamer
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-maxima hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-maxima
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-table hides /data/projects/vc/emacs/git/emacs/lisp/org/org-table
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-R hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-R
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-publish hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-publish
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-mscgen hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-mscgen
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-keys hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-keys
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-css hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-css
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-haskell hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-haskell
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-picolisp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-picolisp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-timer hides /data/projects/vc/emacs/git/emacs/lisp/org/org-timer
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-feed hides /data/projects/vc/emacs/git/emacs/lisp/org/org-feed
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-emacs-lisp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-emacs-lisp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-coq hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-coq
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-J hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-J
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-mhe hides /data/projects/vc/emacs/git/emacs/lisp/org/org-mhe
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-exp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-exp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-rmail hides /data/projects/vc/emacs/git/emacs/lisp/org/org-rmail
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-attach hides /data/projects/vc/emacs/git/emacs/lisp/org/org-attach
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lilypond hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lilypond
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-version hides /data/projects/vc/emacs/git/emacs/lisp/org/org-version
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-makefile hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-makefile
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sql hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sql
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lob hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lob
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-abc hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-abc
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-java hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-java
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-shell hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-shell
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-loaddefs hides /data/projects/vc/emacs/git/emacs/lisp/org/org-loaddefs
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-element hides /data/projects/vc/emacs/git/emacs/lisp/org/org-element
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ebnf hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ebnf
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-id hides /data/projects/vc/emacs/git/emacs/lisp/org/org-id
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-crypt hides /data/projects/vc/emacs/git/emacs/lisp/org/org-crypt
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org hides /data/projects/vc/emacs/git/emacs/lisp/org/org
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-plot hides /data/projects/vc/emacs/git/emacs/lisp/org/org-plot
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ruby hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ruby
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-matlab hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-matlab
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lua hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lua
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ditaa hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ditaa
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-irc hides /data/projects/vc/emacs/git/emacs/lisp/org/org-irc
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-gnus hides /data/projects/vc/emacs/git/emacs/lisp/org/org-gnus
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-C hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-C
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-lint hides /data/projects/vc/emacs/git/emacs/lisp/org/org-lint
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-comint hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-comint
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-colview hides /data/projects/vc/emacs/git/emacs/lisp/org/org-colview
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-tangle hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-tangle
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-dot hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-dot
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-mobile hides /data/projects/vc/emacs/git/emacs/lisp/org/org-mobile
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-eshell hides /data/projects/vc/emacs/git/emacs/lisp/org/org-eshell
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sass hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sass
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-gnuplot hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-gnuplot
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-icalendar hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-icalendar
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-man hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-man
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-capture hides /data/projects/vc/emacs/git/emacs/lisp/org/org-capture
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-plantuml hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-plantuml
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-footnote hides /data/projects/vc/emacs/git/emacs/lisp/org/org-footnote
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sed hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sed
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-clock hides /data/projects/vc/emacs/git/emacs/lisp/org/org-clock
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-js hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-js
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-latex hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-latex
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-ascii hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-ascii
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ref hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ref
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-stan hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-stan
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ocaml hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ocaml
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-agenda hides /data/projects/vc/emacs/git/emacs/lisp/org/org-agenda
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-indent hides /data/projects/vc/emacs/git/emacs/lisp/org/org-indent
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-core hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-core
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-pcomplete hides /data/projects/vc/emacs/git/emacs/lisp/org/org-pcomplete
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-datetree hides /data/projects/vc/emacs/git/emacs/lisp/org/org-datetree
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-ledger hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-ledger
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-shen hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-shen
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-entities hides /data/projects/vc/emacs/git/emacs/lisp/org/org-entities
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-macro hides /data/projects/vc/emacs/git/emacs/lisp/org/org-macro
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-forth hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-forth
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-mouse hides /data/projects/vc/emacs/git/emacs/lisp/org/org-mouse
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-sqlite hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-sqlite
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox-org hides /data/projects/vc/emacs/git/emacs/lisp/org/ox-org
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-screen hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-screen
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-asymptote hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-asymptote
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-eval hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-eval
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-archive hides /data/projects/vc/emacs/git/emacs/lisp/org/org-archive
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ox hides /data/projects/vc/emacs/git/emacs/lisp/org/ox
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-org hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-org
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-perl hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-perl
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-faces hides /data/projects/vc/emacs/git/emacs/lisp/org/org-faces
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-bbdb hides /data/projects/vc/emacs/git/emacs/lisp/org/org-bbdb
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-compat hides /data/projects/vc/emacs/git/emacs/lisp/org/org-compat
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-lisp hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-lisp
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-install hides /data/projects/vc/emacs/git/emacs/lisp/org/org-install
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-awk hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-awk
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-calc hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-calc
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/org-inlinetask hides /data/projects/vc/emacs/git/emacs/lisp/org/org-inlinetask
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-table hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-table
/home/nlj/.emacs.d/elpa/org-plus-contrib-20170917/ob-fortran hides /data/projects/vc/emacs/git/emacs/lisp/org/ob-fortran

Features:
(mailalias smtpmail shadow bbdb-message emacsbug sendmail eieio-opt
speedbar sb-image ezimage dframe help-fns radix-tree smiley gnus-cite
gnus-async gnus-bcklg qp mail-extr gnus-ml disp-table hl-line mm-archive
url-http url-gw url-cache url-auth nnrss mm-url url url-proxy
url-privacy url-expand url-methods url-history url-cookie url-domsuf
url-util nndraft nnmh utf-7 server pinentry epa-file network-stream nsm
starttls nnfolder bbdb-gnus bbdb-mua nnnil gnus-agent gnus-srvr
gnus-score score-mode nnvirtual gnus-msg nntp gnus-cache cl-extra
help-mode plain-tex ox-koma-letter ox-odt rng-loc rng-uri rng-parse
rng-match rng-dt rng-util rng-pttrn nxml-parse nxml-ns nxml-enc xmltok
nxml-util ox-icalendar ox-html table ox-beamer ox-latex ox-ascii
ox-publish ox latexenc preview prv-emacs font-latex tex-mode sh-script
smie executable csv-mode sort make-mode tex-buf latex tex-ispell
tex-style tex-info tex dbus xml texinfo view vc-git diff-mode map
flyspell ispell pdf-occur ibuf-ext ibuffer ibuffer-loaddefs tablist
tablist-filter semantic/wisent/comp semantic/wisent
semantic/wisent/wisent semantic/util-modes semantic/util semantic
semantic/tag semantic/lex semantic/fw mode-local cedet pdf-isearch
let-alist pdf-misc imenu pdf-tools compile cus-edit pdf-view bookmark pp
pdf-cache pdf-info tq pdf-util org-contacts org-capture gnus-art mm-uu
mml2015 mm-view mml-smime smime dig mailcap gnus-sum gnus-group
gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source tls gnutls
utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range message subr-x
puny rfc822 mml mml-sec epa derived epg mm-decode mm-bodies mm-encode
mail-parse rfc2231 gmm-utils mailheader gnus-win gnus nnheader
org-duration org-eldoc org-w3m org-rmail org-mhe org-irc org-info
org-habit org-gnus gnus-util rmail rmail-loaddefs rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mail-utils org-docview doc-view jka-compr
image-mode dired-x dired dired-loaddefs org-bibtex bibtex org-bbdb
org-agenda org-element avl-tree generator org advice org-macro
org-footnote org-pcomplete org-list org-faces org-entities noutline
outline easy-mmode org-version ob-shell shell pcomplete ob-R ob-python
ob-plantuml ob-org ob-gnuplot ob-ditaa ob-calc calc-store calc-trail
calc-ext calc calc-loaddefs calc-macs ob-awk ob-dot ob-maxima ob-latex
ob-emacs-lisp ob ob-tangle org-src ob-ref ob-lob ob-table ob-keys ob-exp
ob-comint comint ansi-color ring ob-core ob-eval org-compat org-macs
org-loaddefs format-spec find-func bbdb-anniv diary-lib diary-loaddefs
cal-menu calendar cal-loaddefs bbdb-com crm mailabbrev bbdb bbdb-site
timezone bbdb-loaddefs finder-inf tex-site info package epg-config
url-handlers url-parse auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache url-vars ido seq byte-opt gv bytecomp
byte-compile cconv edmacro kmacro recentf tree-widget wid-edit easymenu
battery time wheatgrass-theme paren savehist saveplace elec-pair desktop
frameset cl-loaddefs cl-lib delsel cua-base cus-start cus-load time-date
mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list replace newcomment
text-mode elisp-mode lisp-mode prog-mode register page menu-bar
rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core term/tty-colors frame cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 689215 96669)
 (symbols 48 110300 3)
 (miscs 40 23503 3850)
 (strings 32 205188 8309)
 (string-bytes 1 6888177)
 (vectors 16 58257)
 (vector-slots 8 1051566 26908)
 (floats 8 519 825)
 (intervals 56 30691 0)
 (buffers 992 109))

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[John Wiegley]

>>>>> "NJ" == N Jackson <nljlistbox2@gmail.com> writes:

NJ> Configure issues the following warning:
NJ>   configure: WARNING: This configuration installs a 'movemail' program
NJ>   that retrieves POP3 email via only insecure channels.
NJ>   To omit insecure POP3, you can use './configure --without-pop'.

NJ> If the warning is true, then --without-pop should be the default, and
NJ> users should have to explicitly request an insecure Emacs with --with-pop.

You are requesting a change in behavior that is exceedingly old, so I would
like to hear from others what they think about making a change like this.
Given how much less of a thing POP is becoming over the years, I'd be in favor
of changing the default here.

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

John Wiegley <jwiegley@gmail.com> writes:

>>>>>> "NJ" == N Jackson <nljlistbox2@gmail.com> writes:
>
> NJ> Configure issues the following warning:
> NJ>   configure: WARNING: This configuration installs a 'movemail' program
> NJ>   that retrieves POP3 email via only insecure channels.
> NJ>   To omit insecure POP3, you can use './configure --without-pop'.
>
> NJ> If the warning is true, then --without-pop should be the default, and
> NJ> users should have to explicitly request an insecure Emacs with --with-pop.
>
> You are requesting a change in behavior that is exceedingly old, so I would
> like to hear from others what they think about making a change like this.
> Given how much less of a thing POP is becoming over the years, I'd be in favor
> of changing the default here.

I'm sure there are still people stuck with using POP3, but they should
be gently incited to move to POP3S or IMAPS the same way people should
be steered away from http and TLS < 1.2. Making the default be
--without-pop is one way to do that.

Regards

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Glenn Morris]

See previous discussion in https://debbugs.gnu.org/26102

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Paul Eggert]

As Glenn noted, the 'configure' message N. mentions came from an uneasy 
compromise between worry about the default lack-of-security in Emacs, 
and worry about backward compatibility (see Bug#26102). Although I favor 
making --without-pop the default, at this point it's really an issue for 
the two maintainers to decide.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[John Wiegley]

>>>>> Paul Eggert <eggert@cs.ucla.edu> writes:

> As Glenn noted, the 'configure' message N. mentions came from an uneasy
> compromise between worry about the default lack-of-security in Emacs, and
> worry about backward compatibility (see Bug#26102). Although I favor making
> --without-pop the default, at this point it's really an issue for the two
> maintainers to decide.

I'm OK making it the default. Let's wait until Eli's back from his trip and he
can add his thoughts.

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: John Wiegley <jwiegley@gmail.com>
> Date: Tue, 26 Sep 2017 11:51:59 -0700
> Cc: "N. Jackson" <nljlistbox2@gmail.com>, 28597@debbugs.gnu.org
> 
> >>>>> Paul Eggert <eggert@cs.ucla.edu> writes:
> 
> > As Glenn noted, the 'configure' message N. mentions came from an uneasy
> > compromise between worry about the default lack-of-security in Emacs, and
> > worry about backward compatibility (see Bug#26102). Although I favor making
> > --without-pop the default, at this point it's really an issue for the two
> > maintainers to decide.
> 
> I'm OK making it the default. Let's wait until Eli's back from his trip and he
> can add his thoughts.

I already agreed in
http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html to
have --without-pop be the default, and Paul already installed a patch
to do that.  So I'm confused about this discussion: what exactly is
the problem, and what needs to be done/decided?  Are we talking about
Posix systems where GNU Mailutils are not available?  If so, do we
want to leave them without movemail at all rather than with one which
supports POP3?  Or do we want to give them movemail, but without POP3?

IOW, from my POV, most of the issues addressed in the cited bug#26102
were resolved as proposed there many moons ago, and I'm unsure what's
left, and why is it a problem.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: John Wiegley <jwiegley@gmail.com>
>> Date: Tue, 26 Sep 2017 11:51:59 -0700
>> Cc: "N. Jackson" <nljlistbox2@gmail.com>, 28597@debbugs.gnu.org
>> 
>> >>>>> Paul Eggert <eggert@cs.ucla.edu> writes:
>> 
>> > As Glenn noted, the 'configure' message N. mentions came from an uneasy
>> > compromise between worry about the default lack-of-security in Emacs, and
>> > worry about backward compatibility (see Bug#26102). Although I favor making
>> > --without-pop the default, at this point it's really an issue for the two
>> > maintainers to decide.
>> 
>> I'm OK making it the default. Let's wait until Eli's back from his trip and he
>> can add his thoughts.
>
> I already agreed in
> http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html to
> have --without-pop be the default, and Paul already installed a patch
> to do that.  So I'm confused about this discussion: what exactly is
> the problem, and what needs to be done/decided?  Are we talking about
> Posix systems where GNU Mailutils are not available?  If so, do we
> want to leave them without movemail at all rather than with one which
> supports POP3?  Or do we want to give them movemail, but without POP3?

I thought we were discussing making --without-pop be the default even
if GNU Mailutils are not available, and it's what I'm
advocating. Paul's patch only did that if they were found.

If that means that some people need to install GNU Mailutils, which
support secure(r) protocols, then I'm all in favour.

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[N. Jackson]

At 16:14 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
>> >>>>> Paul Eggert <eggert@cs.ucla.edu> writes:
>> 
>> > As Glenn noted, the 'configure' message N. mentions came from
>> > an uneasy compromise between worry about the default
>> > lack-of-security in Emacs, and worry about backward
>> > compatibility (see Bug#26102). Although I favor making
>> > --without-pop the default, at this point it's really an issue
>> > for the two maintainers to decide.
>
> I already agreed in
> http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html
> to have --without-pop be the default, and Paul already installed
> a patch to do that.

And yet --without-pop does not appear to be the default here on the
emacs-26 branch.

I updated a few minutes ago (commit
61225964edbaa01e49a6e776af00502ab31767b5), and running configure
writes the following to stderr:

  configure: WARNING: Your version of Gtk+ will have problems with
         closing open displays.  This is no problem if you just use
         one display, but if you use more than one and close one of them
         Emacs may crash.
         See http://bugzilla.gnome.org/show_bug.cgi?id=85715
  configure: WARNING: This configuration installs a 'movemail' program
  that retrieves POP3 email via only insecure channels.
  To omit insecure POP3, you can use './configure --without-pop'.

> So I'm confused about this discussion: what exactly is the
> problem, and what needs to be done/decided?

The problem is that --without-pop is not the default, or at least
that it appears that it is not the default. The general agreement
seems to be that it should be the default.

N.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: John Wiegley <jwiegley@gmail.com>,  nljlistbox2@gmail.com,  eggert@cs.ucla.edu,  28597@debbugs.gnu.org
> Date: Fri, 29 Sep 2017 16:05:42 +0200
> 
> I thought we were discussing making --without-pop be the default even
> if GNU Mailutils are not available, and it's what I'm
> advocating. Paul's patch only did that if they were found.

If that's what people want, fine with me on Posix platforms, but not
on MS-Windows (where Mailutils are not available, and probably never
will be).

> If that means that some people need to install GNU Mailutils, which
> support secure(r) protocols, then I'm all in favour.

But the effect of encouraging the installation of Mailutils will only
be achieved if the configure script displays something about that.
AFIU, the proposal was to make --without-pop the default and not
display any message, in which case people just get movemail without
POP3, and we might be silently breaking someone's setup.  Do we want
that?

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: nljlistbox2@gmail.com (N. Jackson)
> Cc: John Wiegley <jwiegley@gmail.com>,  eggert@cs.ucla.edu,  28597@debbugs.gnu.org
> Date: Fri, 29 Sep 2017 12:07:14 -0400
> 
> > I already agreed in
> > http://lists.gnu.org/archive/html/emacs-devel/2017-08/msg00054.html
> > to have --without-pop be the default, and Paul already installed
> > a patch to do that.
> 
> And yet --without-pop does not appear to be the default here on the
> emacs-26 branch.

Do you have Mailutils installed?  That default is activated only if
you do.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[N. Jackson]

At 20:53 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
> Do you have Mailutils installed?

No, I don't. (Sadly it is unavailable from the Fedora repositories
and I have never had a reason to build it myself.)

[I have a local IMAP server and I retrieve my mail into it
variously with fetchmail and getmail, so I never use pop in
Emacs.]

> That default is activated only if you do.

I see.

I don't think that makes sense, does it? There's nothing terribly
odd about my system and if the warning message from config is
true, then _by default_ I'm going to get built an insecure Emacs.

I think that --without-pop should be the default. Unconditionally.

N.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: nljlistbox2@gmail.com (N. Jackson)
> Cc: jwiegley@gmail.com,  eggert@cs.ucla.edu,  28597@debbugs.gnu.org
> Date: Fri, 29 Sep 2017 14:14:29 -0400
> 
> > That default is activated only if you do [have Mailutils].
> 
> I see.
> 
> I don't think that makes sense, does it?

I hope it does, as this is what I asked for at the time, for reasons
that did make sense to me.

> There's nothing terribly odd about my system and if the warning
> message from config is true, then _by default_ I'm going to get
> built an insecure Emacs.

Only if you use POP3 to fetch your mail.  Which I presume you don't;
if you did; building --without-pop by default would have left you with
no way of getting your email into Emacs.

> I think that --without-pop should be the default. Unconditionally.

We should think about all of our users when we make such decisions.  I
myself don't use unencrypted POP3 either, but I'm worried about the
effect this change could have on someone who does.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: John Wiegley <jwiegley@gmail.com>,  nljlistbox2@gmail.com,  eggert@cs.ucla.edu,  28597@debbugs.gnu.org
>> Date: Fri, 29 Sep 2017 16:05:42 +0200
>> 
>> I thought we were discussing making --without-pop be the default even
>> if GNU Mailutils are not available, and it's what I'm
>> advocating. Paul's patch only did that if they were found.
>
> If that's what people want, fine with me on Posix platforms, but not
> on MS-Windows (where Mailutils are not available, and probably never
> will be).
>

I'll defer to you on MS-Windows affairs :-)

>> If that means that some people need to install GNU Mailutils, which
>> support secure(r) protocols, then I'm all in favour.
>
> But the effect of encouraging the installation of Mailutils will only
> be achieved if the configure script displays something about that.
> AFIU, the proposal was to make --without-pop the default and not
> display any message, in which case people just get movemail without
> POP3, and we might be silently breaking someone's setup.  Do we want
> that?

No, we don't. I'll see if I can come up with some verbiage over the
weekend, once I reconfigure my brain to (re-)understand autoconf

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

[-- Attachment #1: Type: text/plain, Size: 1786 bytes --]

Robert Pluim <rpluim@gmail.com> writes:
> No, we don't. I'll see if I can come up with some verbiage over the
> weekend, once I reconfigure my brain to (re-)understand autoconf

Apologies for the delay. Autoconf and I don't get on.

The attached patch against emacs-26 results in the following outputs
at the end of the ./configure run. I'm not sure we should suggest
'--without-pop' when that's the new default, but it's probably best to
be explicit.


---begin---
No mailutils installed, ./configure:

configure: WARNING: This configuration installs a 'movemail' program
    that does not support POP3 mail retrieval at all due to lack of
    support for secure channels.
    You might want to install GNU Mailutils
    <http://mailutils.org>
    You can use './configure  --with-pop',
    but this is not recommended.

No mailutils installed, ./configure --with-pop:

configure: WARNING: This configuration installs a 'movemail' program
    that retrieves POP3 email via only insecure channels.
    To omit insecure POP3, you can use './configure --without-pop'.

With mailutils installed, ./configure --without-mailutils:

configure: WARNING: This configuration installs a 'movemail' program
    that does not support POP3 mail retrieval at all due to lack of
    support for secure channels.
    You can use './configure --without-mailutils --with-pop',
    but this is not recommended.

With mailutils installed, ./configure --without-mailutils --with-pop:

configure: WARNING: This configuration installs a 'movemail' program
    that retrieves POP3 email via only insecure channels.
    To omit insecure POP3, you can use './configure --without-pop'.

With mailutils installed, ./configure --with-pop:

# no output

With mailutils installed, ./configure

# no output

---end---

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-Default-to-without-pop.patch --]
[-- Type: text/x-diff, Size: 2948 bytes --]

From 2002807183af9e1c61ecd36bd04c28a269b7a6b5 Mon Sep 17 00:00:00 2001
From: Robert Pluim <rpluim@gmail.com>
Date: Mon, 2 Oct 2017 18:20:58 +0200
Subject: [PATCH] Default to --without-pop

2017-10-02  Robert Pluim  <rpluim@gmail.com>

	* configure.ac (with_pop): Default to off.  Warn loudly when
	this results in not supporting insecure POP3.
---
 configure.ac | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0b0bb5e144..c692c7a532 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,9 +232,11 @@ AC_DEFUN
    m4_bpatsubst([with_$1], [[^0-9a-z]], [_])=$with_features])dnl
 ])dnl
 
-# FIXME: The default options '--without-mailutils --with-pop' result
+# The options '--without-mailutils --with-pop' result
 # in a movemail implementation that supports only unencrypted POP3
-# connections.  Encrypted connections should be the default.
+# connections, but we warn about that later. By default we
+# do *not* support unencrypted POP3
+# Encrypted connections should be the default.
 
 AC_ARG_WITH([mailutils],
   [AS_HELP_STRING([--with-mailutils],
@@ -251,8 +253,8 @@ AC_DEFUN
 fi
 AC_SUBST([with_mailutils])
 
-OPTION_DEFAULT_ON([pop],
-  [don't support POP mail retrieval with movemail (--without-pop or
+OPTION_DEFAULT_OFF([pop],
+  [support POP mail retrieval with movemail (--without-pop or
    --with-mailutils is recommended, as movemail POP is insecure)])
 if test "$with_pop" = yes; then
    AC_DEFINE(MAIL_USE_POP)
@@ -5566,23 +5568,28 @@ m4_define
 if test ! "$with_mailutils"; then
   if test "$with_pop" = yes; then
     AC_MSG_WARN([This configuration installs a 'movemail' program
-that retrieves POP3 email via only insecure channels.
-To omit insecure POP3, you can use '$0 --without-pop'.])
-  fi
-
+    that retrieves POP3 email via only insecure channels.
+    To omit insecure POP3, you can use '$0 --without-pop'.])
+  else
   case $opsys in
     mingw32)
       # Don't suggest GNU Mailutils, as it hasn't been ported.
       ;;
     *)
-      emacs_fix_movemail="use '$0 --with-mailutils'"
+      emacs_use_pop="You can use '$0 ${emacs_config_options} --with-pop',
+    but this is not recommended."
       case `(movemail --version) 2>/dev/null` in
-	*Mailutils*) ;;
-	*) emacs_fix_movemail="install GNU Mailutils
-<http://mailutils.org> and $emacs_fix_movemail";;
+	*Mailutils*) emacs_fix_suggestion="$emacs_use_pop";;
+	*) emacs_fix_suggestion="You might want to install GNU Mailutils
+    <http://mailutils.org>
+    $emacs_use_pop";;
       esac
-      AC_MSG_NOTICE([You might want to $emacs_fix_movemail.]);;
+      AC_MSG_WARN([This configuration installs a 'movemail' program
+    that does not support POP3 mail retrieval at all due to lack of
+    support for secure channels.
+    $emacs_fix_suggestion]);;
   esac
+  fi
 fi
 
 test "$MAKE" = make || AC_MSG_NOTICE([Now you can run '$MAKE'.])
-- 
2.14.2.642.g20fed7cad

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[N. Jackson]

At 22:11 +0300 on Friday 2017-09-29, Eli Zaretskii wrote:
>
>> From: nljlistbox2@gmail.com (N. Jackson)
>> Date: Fri, 29 Sep 2017 14:14:29 -0400
>> 
>> I don't think that makes sense, does it?
>
> I hope it does, as this is what I asked for at the time, for
> reasons that did make sense to me.

Indeed. You considered broader factors than I was aware of
previously.

>> There's nothing terribly odd about my system and if the warning
>> message from config is true, then _by default_ I'm going to get
>> built an insecure Emacs.
>
> Only if you use POP3 to fetch your mail.

This raised a question in my mind (which has probably already
been considered and dealt with). When a user has an Emacs that's
configured to use an insecure movemail for POP3, when they issue a
command in Emacs that invokes it, do they get a warning from
Emacs?

Given that many users don't build their own Emacs, they'll not see
a warning from configure, so it would seem sensible for them to be
warned at run time. (Given that they won't want to be plagued with
a warning every time they check their mail, I'm thinking of a
warning that appears when a relevant command it used for the first
time, similar to the way disabled commands work.)

N.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: nljlistbox2@gmail.com (N. Jackson)
> Cc: jwiegley@gmail.com,  eggert@cs.ucla.edu,  28597@debbugs.gnu.org, Robert Pluim <rpluim@gmail.com>
> Date: Mon, 02 Oct 2017 13:22:01 -0400
> 
> >> There's nothing terribly odd about my system and if the warning
> >> message from config is true, then _by default_ I'm going to get
> >> built an insecure Emacs.
> >
> > Only if you use POP3 to fetch your mail.
> 
> This raised a question in my mind (which has probably already
> been considered and dealt with). When a user has an Emacs that's
> configured to use an insecure movemail for POP3, when they issue a
> command in Emacs that invokes it, do they get a warning from
> Emacs?

No, they don't.  But POP3 is not something movemail will silently use
by itself, the user needs to specify a POP3 "url", referencing the
server and the user's id (and possibly a password as well) for it to
do so.  So the user who does that _knows_ they use POP3.  IOW, a
deliberate user action is needed for POP3 to be used.

> Given that many users don't build their own Emacs, they'll not see
> a warning from configure, so it would seem sensible for them to be
> warned at run time. (Given that they won't want to be plagued with
> a warning every time they check their mail, I'm thinking of a
> warning that appears when a relevant command it used for the first
> time, similar to the way disabled commands work.)

We also don't warn them when they use HTTP or FTP from Emacs, on the
assumption that users know what they are doing.  There's a limit to
our ability to nag users in order to save them from themselves.  At
some point, we need to start treating them as responsible adults, IMO.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Paul Eggert]

On 10/02/2017 10:32 AM, Eli Zaretskii wrote:
> POP3 is not something movemail will silently use
> by itself, the user needs to specify a POP3 "url", referencing the
> server and the user's id (and possibly a password as well) for it to
> do so.  So the user who does that_knows_  they use POP3.

I'm dubious. These days, email clients often use some sort of secure 
connection by default even if you just ask for POP. For example, 
Thunderbird's mail account setup defaults to IMAP, but if you specify 
POP3 it then defaults to autodetecting SSL/TLS or STARTTLS; you must 
explicitly override the default (or specify a server that does not 
support encryption) to get an unencrypted connection.

Users accustomed to other email clients are likely to expect that Emacs 
"pop:whatever" will do something similar.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Paul Eggert]

On 10/02/2017 10:22 AM, N. Jackson wrote:
> When a user has an Emacs that's
> configured to use an insecure movemail for POP3, when they issue a
> command in Emacs that invokes it, do they get a warning from
> Emacs?

We discussed options for warning at some length (sorry, don't remember 
where; perhaps Gnus-related?), with the idea of putting a flag in the 
mode line or something like that. I don't recall what happened (if 
anything).

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Paul Eggert]

[-- Attachment #1: Type: text/plain, Size: 414 bytes --]

Thanks for working on this. However, Eli asked for --with-pop to remain 
the default on native MS-Windows. Also, I found the newly-added warnings 
confusing (though admittedly everything is confusing here :-).

How about the attached patch instead? It does not change the 
configure-time warnings. It merely changes the default, so that 
--without-pop is now the default on platforms other than native MS-Windows.

[-- Attachment #2: 0001-with-pop-is-now-the-default-only-on-MS-Windows.patch --]
[-- Type: text/x-patch, Size: 3603 bytes --]

From 0e6c02134df40b56ca3b100ae0cc1a9d957a6e7f Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 2 Oct 2017 11:17:36 -0700
Subject: [PATCH] --with-pop is now the default only on MS-Windows

Problem reported by N. Jackson (Bug#28597).
This improves an earlier suggestion by Robert Pluim (Bug#28597#47).
* INSTALL, configure.ac, etc/NEWS:
Make --with-pop the default only on native MS-Windows.
---
 INSTALL      |  6 ++++--
 configure.ac | 19 +++++++++++++------
 etc/NEWS     |  5 +++--
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/INSTALL b/INSTALL
index e76e843ce2..e93b3064fc 100644
--- a/INSTALL
+++ b/INSTALL
@@ -273,8 +273,10 @@ a POP3 server by default.  Versions of the POP protocol older than
 POP3 are not supported.  While POP3 support is typically enabled,
 whether Emacs actually uses POP3 is controlled by individual users;
 see the Rmail chapter of the Emacs manual.  Unless --with-mailutils is
-in effect, it is a good idea to configure --without-pop so that users
-are less likely to inadvertently read email via insecure channels.
+in effect, it is a good idea to configure without POP3 support so that
+users are less likely to inadvertently read email via insecure
+channels.  On native MS-Windows, --with-pop is the default; on other
+platforms, --without-pop is the default.
 
 For image support you may have to download, build, and install the
 appropriate image support libraries for image types other than XBM and
diff --git a/configure.ac b/configure.ac
index eb2c684040..3feac73bed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,9 +232,9 @@ AC_DEFUN
    m4_bpatsubst([with_$1], [[^0-9a-z]], [_])=$with_features])dnl
 ])dnl
 
-# FIXME: The default options '--without-mailutils --with-pop' result
-# in a movemail implementation that supports only unencrypted POP3
-# connections.  Encrypted connections should be the default.
+# For retrieving mail, unencrypted network connections are the default
+# only on native MS-Windows platforms.  (FIXME: These platforms should
+# also be secure by default.)
 
 AC_ARG_WITH([mailutils],
   [AS_HELP_STRING([--with-mailutils],
@@ -251,9 +251,16 @@ AC_DEFUN
 fi
 AC_SUBST([with_mailutils])
 
-OPTION_DEFAULT_ON([pop],
-  [don't support POP mail retrieval with movemail (--without-pop or
-   --with-mailutils is recommended, as movemail POP is insecure)])
+AC_ARG_WITH([pop],
+  [AS_HELP_STRING([--with-pop],
+     [Support POP mail retrieval if Emacs movemail is used (not recommended,
+      as Emacs movemail POP is insecure).  This is the default only on
+      native MS-Windows.])],
+  [],
+  [case $host in
+     *-mingw*) with_pop=yes;;
+     *) with_pop=no;;
+   esac])
 if test "$with_pop" = yes; then
    AC_DEFINE(MAIL_USE_POP)
 fi
diff --git a/etc/NEWS b/etc/NEWS
index b734e8dd19..62d2450f9a 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -35,8 +35,9 @@ GNU Mailutils to retrieve email.  It is recommended, and is the
 default if GNU Mailutils is installed.  When --with-mailutils is not
 in effect, the Emacs build procedure by default continues to build and
 install a limited 'movemail' substitute that retrieves POP3 email only
-via insecure channels; to avoid this problem, use either
---with-mailutils or --without-pop when configuring.
+via insecure channels.  To avoid this problem, use either
+--with-mailutils or --without-pop when configuring; --without-pop
+is the default on platforms other than native MS-Windows.
 
 ** The new option 'configure --enable-gcc-warnings=warn-only' causes
 GCC to issue warnings without stopping the build.  This behavior is
-- 
2.13.6

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> Cc: jwiegley@gmail.com, 28597@debbugs.gnu.org, rpluim@gmail.com
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Mon, 2 Oct 2017 11:00:47 -0700
> 
> Users accustomed to other email clients are likely to expect that Emacs 
> "pop:whatever" will do something similar.

I'm dubious.  And I don't see how setting up other MUA is of any use
here, because we also use an encrypted POP3 connection
_if_it's_available_, e.g. via Mailutils, Gnus, etc.

But nagging users each time they invoke movemail to fetch via POP3 is
IMO unacceptable.  I'm sick and tired of similar nagging from Firefox,
and I definitely will object that Emacs behaves the same.  We
shouldn't patronize our users to that degree.  Let the Emacs packagers
worry about making their distributions more secure e,g, by depending
on Mailutils.

Anyway, I think we've cut enough slices of this salami, so let's stop,
and let's leave those who want to use POP3 nonetheless to their
devices.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Paul Eggert]

On 10/02/2017 11:47 AM, Eli Zaretskii wrote:

> nagging users each time they invoke movemail to fetch via POP3 is
> IMO unacceptable.

Yes, that suggestion is problematic. But that (older) discussion is 
somewhat independent of the current thread, which is about builders and 
installers more than it is about users.

> we also use an encrypted POP3 connection
> _if_it's_available_, e.g. via Mailutils, Gnus, etc.

The concern here is about RMAIL, which currently uses Emacs movemail in 
the all-too-common case where Mailutils is not installed. In emacs-26 
the relevant section of the Emacs manual (doc/emacs/rmail.texi) says for 
the pop: protocol: "If the server supports it, ‘movemail’ tries to use 
an encrypted connection—use the ‘pops’ form to require one." This 
documents 'pop:' as meaning "encrypt if the server supports encryption, 
otherwise fall back on unencrypted", which is a natural expectation for 
users nowadays and is how Thunderbird works by default; but it's not how 
RMAIL works with Emacs movemail and 'pop:', as these connections are 
always unencrypted.

> I think we've cut enough slices of this salami, so let's stop,

Does this mean, stop before installing the patch proposed in 
Bug#28597#62, or stop after installing that patch? I hope it means the 
latter. That patch attempts to implement your suggestion in 
Bug#28597#32, as quoted below:

> > From: Robert Pluim <rpluim <at> gmail.com> ...
> > 
> > I thought we were discussing making --without-pop be the default even
> > if GNU Mailutils are not available, and it's what I'm
> > advocating. Paul's patch only did that if they were found.
>
> If that's what people want, fine with me on Posix platforms, but not
> on MS-Windows (where Mailutils are not available, and probably never
> will be).

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> Cc: nljlistbox2@gmail.com, jwiegley@gmail.com, 28597@debbugs.gnu.org,
>  rpluim@gmail.com
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Mon, 2 Oct 2017 16:20:26 -0700
> 
> > I think we've cut enough slices of this salami, so let's stop,
> 
> Does this mean, stop before installing the patch proposed in 
> Bug#28597#62, or stop after installing that patch? I hope it means the 
> latter.

The latter, of course.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

Paul Eggert <eggert@cs.ucla.edu> writes:

> Thanks for working on this. However, Eli asked for --with-pop to
> remain the default on native MS-Windows. Also, I found the newly-added
> warnings confusing (though admittedly everything is confusing here
> :-).

You're right, I thought he was talking only about the Mailutils
recommendation, but I misread.

> How about the attached patch instead? It does not change the
> configure-time warnings. It merely changes the default, so that
> --without-pop is now the default on platforms other than native
> MS-Windows.

Eli wanted to avoid silently changing the default, which is why I
worked on creating confusing warnings :-)

I'm not wedded to the form, but I think configure should output
*something* to warn people about the change in behaviour.  Or we go
full radical and disable building our own mailutils on non MS-Windows,
thus simplifying this mess greatly (we'd have to warn a bit more
loudly if GNU Mailutils aren't installed, though)

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[N. Jackson]

At 16:20 -0700 on Monday 2017-10-02, Paul Eggert wrote:
>
> On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
>
>> nagging users each time they invoke movemail to fetch via POP3
>> is IMO unacceptable.
>
> Yes, that suggestion is problematic.

Just for the record, I explicitly stated in my suggestion to warm
the user (rather than just the builder) that Emacs should _not_ nag
the user every time.

I was thinking of disabling the commands in question in the case
that they will be insecure and prompting along the lines of:

  You have typed abc, invoking disabled command xyz.

  Beware: This command retrieves POP3 email via only insecure
  channels. See [reference to relevant documentation] for more
  information.

  Do you want to use this command anyway?

  You can now type
  y   to try it and enable it (no questions if you use it again).
  n   to cancel--don't try the command, and it remains disabled.
  SPC to try the command just this once, but leave it disabled.
  !   to try it, and enable all disabled commands for this session only.

This informs the user but only does so once (if they don't want to
be told again); after that they need not see the warning ever
again. Telling someone something once really cannot be described
as "nagging".

N.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: Eli Zaretskii <eliz@gnu.org>,  jwiegley@gmail.com,  28597@debbugs.gnu.org,  nljlistbox2@gmail.com
> Date: Tue, 03 Oct 2017 10:09:15 +0200
> 
> I'm not wedded to the form, but I think configure should output
> *something* to warn people about the change in behaviour.  Or we go
> full radical and disable building our own mailutils on non MS-Windows,
> thus simplifying this mess greatly (we'd have to warn a bit more
> loudly if GNU Mailutils aren't installed, though)

Not building movemail if Mailutils are not installed is too harsh,
because movemail supports methods other than POP3.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

nljlistbox2@gmail.com (N. Jackson) writes:

> At 16:20 -0700 on Monday 2017-10-02, Paul Eggert wrote:
>>
>> On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
>>
>>> nagging users each time they invoke movemail to fetch via POP3
>>> is IMO unacceptable.
>>
>> Yes, that suggestion is problematic.
>
> Just for the record, I explicitly stated in my suggestion to warm
> the user (rather than just the builder) that Emacs should _not_ nag
> the user every time.
>
> I was thinking of disabling the commands in question in the case
> that they will be insecure and prompting along the lines of:
>
>   You have typed abc, invoking disabled command xyz.
>

Except that there's not a single specific command that retrieves mail
via POP3, it's wired into the guts of rmail, and I'd rather not touch
that.

This is all starting to sound like overkill compared to simply warning
the builder, especially since people who package emacs can easily add
GNU Mailutils as a dependency, and people who build their own emacs
should read and react to the warning messages that I proposed earlier.

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Robert Pluim <rpluim@gmail.com>
>> Cc: Eli Zaretskii <eliz@gnu.org>,  jwiegley@gmail.com,  28597@debbugs.gnu.org,  nljlistbox2@gmail.com
>> Date: Tue, 03 Oct 2017 10:09:15 +0200
>> 
>> I'm not wedded to the form, but I think configure should output
>> *something* to warn people about the change in behaviour.  Or we go
>> full radical and disable building our own mailutils on non MS-Windows,
>> thus simplifying this mess greatly (we'd have to warn a bit more
>> loudly if GNU Mailutils aren't installed, though)
>
> Not building movemail if Mailutils are not installed is too harsh,
> because movemail supports methods other than POP3.

Does GNU Mailutils not support those same methods? I'm assuming it's
also maintained more than our movemail.

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: jwiegley@gmail.com,  eggert@cs.ucla.edu,  28597@debbugs.gnu.org,  nljlistbox2@gmail.com
> Gmane-Reply-To-List: yes
> Date: Tue, 03 Oct 2017 17:03:48 +0200
> 
> > Not building movemail if Mailutils are not installed is too harsh,
> > because movemail supports methods other than POP3.
> 
> Does GNU Mailutils not support those same methods?

It does, but I was talking about the case where Mailutils is NOT
installed.  If you don't build movemail in that case, you leave users
unable to fetch mail even if they don't use POP3.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Eli Zaretskii]

> From: nljlistbox2@gmail.com (N. Jackson)
> Cc: Eli Zaretskii <eliz@gnu.org>,  jwiegley@gmail.com,  28597@debbugs.gnu.org,  rpluim@gmail.com
> Date: Tue, 03 Oct 2017 10:29:16 -0400
> 
> I was thinking of disabling the commands in question in the case
> that they will be insecure and prompting along the lines of:
> 
>   You have typed abc, invoking disabled command xyz.
> 
>   Beware: This command retrieves POP3 email via only insecure
>   channels. See [reference to relevant documentation] for more
>   information.
> 
>   Do you want to use this command anyway?
> 
>   You can now type
>   y   to try it and enable it (no questions if you use it again).
>   n   to cancel--don't try the command, and it remains disabled.
>   SPC to try the command just this once, but leave it disabled.
>   !   to try it, and enable all disabled commands for this session only.
> 
> This informs the user but only does so once (if they don't want to
> be told again); after that they need not see the warning ever
> again. Telling someone something once really cannot be described
> as "nagging".

I don't see how can we do such a thing, since movemail is a
command-line utility written in C, not a Lisp program.  People can
(and some do) invoke movemail from the shell prompt.

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Paul Eggert]

[-- Attachment #1: Type: text/plain, Size: 284 bytes --]

On 10/03/2017 01:09 AM, Robert Pluim wrote:
> I think configure should output
> *something*  to warn people about the change in behaviour.

That's easy and harmless enough, so I installed the attached into 
emacs-26, after installing the patch I previously mentioned in this thread.


[-- Attachment #2: 0001-Warn-if-without-pop-is-now-the-default.patch --]
[-- Type: text/x-patch, Size: 3396 bytes --]

From bbc889f07fa1cc516480d5958ece89997c87cdeb Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 3 Oct 2017 15:42:10 -0700
Subject: [PATCH] Warn if --without-pop is now the default

* configure.ac (with_pop): Set to no-by-default if defaulting to "no".
Warn about the change if defaulting to "no".  Update URLs.
---
 configure.ac | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3feac73bed..d92b95cb54 100644
--- a/configure.ac
+++ b/configure.ac
@@ -259,7 +259,7 @@ AC_DEFUN
   [],
   [case $host in
      *-mingw*) with_pop=yes;;
-     *) with_pop=no;;
+     *) with_pop=no-by-default;;
    esac])
 if test "$with_pop" = yes; then
    AC_DEFINE(MAIL_USE_POP)
@@ -1320,7 +1320,7 @@ AC_DEFUN
 dnl LD_SWITCH_SYSTEM_TEMACS.  That is:
 dnl * inappropriate, as LDFLAGS is a user option but this is essential.
 dnl   Eg "make LDFLAGS=... all" could run into problems,
-dnl   http://bugs.debian.org/684788
+dnl   https://bugs.debian.org/684788
 dnl * unnecessary, since temacs is the only thing that actually needs it.
 dnl   Indeed this is where it was originally, prior to:
 dnl   https://lists.gnu.org/archive/html/emacs-pretest-bug/2004-03/msg00170.html
@@ -1399,10 +1399,6 @@ AC_DEFUN
    # The resulting binary has a complete symbol table, and is better
    # for debugging and other observability tools (debuggers, pstack, etc).
    #
-   # If you encounter a problem using dldump(), please consider sending
-   # a message to the OpenSolaris tools-linking mailing list:
-   #      http://mail.opensolaris.org/mailman/listinfo/tools-linking
-   #
    # It is likely that dldump() works with older Solaris too, but this has
    # not been tested, so for now this change is for Solaris 10 or newer.
    UNEXEC_OBJ=unexsol.o
@@ -2651,7 +2647,7 @@ AC_DEFUN
        closing open displays.  This is no problem if you just use
        one display, but if you use more than one and close one of them
        Emacs may crash.
-       See http://bugzilla.gnome.org/show_bug.cgi?id=85715]])
+       See https://bugzilla.gnome.org/show_bug.cgi?id=85715]])
   fi
 
 fi
@@ -4464,7 +4460,6 @@ AC_DEFUN
 
 case $opsys in
   dnl SIGIO exists, but the feature doesn't work in the way Emacs needs.
-  dnl See eg <http://article.gmane.org/gmane.os.openbsd.ports/46831>.
   hpux* | nacl | openbsd | sol2* | unixware )
     emacs_broken_SIGIO=yes
     ;;
@@ -5575,6 +5570,12 @@ m4_define
     AC_MSG_WARN([This configuration installs a 'movemail' program
 that retrieves POP3 email via only insecure channels.
 To omit insecure POP3, you can use '$0 --without-pop'.])
+  elif test "$with_pop" = no-by-default; then
+    AC_MSG_WARN([This configuration installs a 'movemail' program
+that does not retrieve POP3 email.  By default, Emacs 25 and earlier
+installed a 'movemail' program that retrieved POP3 email via only
+insecure channels, a practice that is no longer recommended but that
+you can continue to support by using '$0 --with-pop'.])
   fi
 
   case $opsys in
@@ -5586,7 +5587,7 @@ m4_define
       case `(movemail --version) 2>/dev/null` in
 	*Mailutils*) ;;
 	*) emacs_fix_movemail="install GNU Mailutils
-<http://mailutils.org> and $emacs_fix_movemail";;
+<https://mailutils.org> and $emacs_fix_movemail";;
       esac
       AC_MSG_NOTICE([You might want to $emacs_fix_movemail.]);;
   esac
-- 
2.13.6

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Robert Pluim]

Paul Eggert <eggert@cs.ucla.edu> writes:

> On 10/03/2017 01:09 AM, Robert Pluim wrote:
>> I think configure should output
>> *something*  to warn people about the change in behaviour.
>
> That's easy and harmless enough, so I installed the attached into
> emacs-26, after installing the patch I previously mentioned in this
> thread.

I have some minor thoughts about the wording of the warning, but
nothing worth another commit. Looks good to me.

Robert

bug#28597: 26.0.60; [Security] Configure should use --without-pop by default

[Noam Postavsky]

close 28597
quit

Robert Pluim <rpluim@gmail.com> writes:

> Paul Eggert <eggert@cs.ucla.edu> writes:
>
>> On 10/03/2017 01:09 AM, Robert Pluim wrote:
>>> I think configure should output
>>> *something*  to warn people about the change in behaviour.
>>
>> That's easy and harmless enough, so I installed the attached into
>> emacs-26, after installing the patch I previously mentioned in this
>> thread.
>
> I have some minor thoughts about the wording of the warning, but
> nothing worth another commit. Looks good to me.

I guess there's nothing more to do here, closing.