From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.bugs Subject: bug#13374: 24.?; open-gnutls-stream insecurity Date: Wed, 18 Dec 2013 17:50:39 -0500 Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos Message-ID: <87r499ixj4.fsf@flea.lifelogs.com> References: <87mwwlz43m.fsf@Black.ICE> <3fhamscn9w.fsf@fencepost.gnu.org> <871udvhh11.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1387407015 21831 80.91.229.3 (18 Dec 2013 22:50:15 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 18 Dec 2013 22:50:15 +0000 (UTC) Cc: Oleksii Shevchuk , Lars Magne Ingebrigtsen , 13374-done@debbugs.gnu.org To: Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Dec 18 23:50:20 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VtPwY-000409-TD for geb-bug-gnu-emacs@m.gmane.org; Wed, 18 Dec 2013 23:50:19 +0100 Original-Received: from localhost ([::1]:41204 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VtPwY-0007Bp-JW for geb-bug-gnu-emacs@m.gmane.org; Wed, 18 Dec 2013 17:50:18 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:50018) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VtPwP-00079V-Ef for bug-gnu-emacs@gnu.org; Wed, 18 Dec 2013 17:50:16 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VtPwJ-0005Bs-BO for bug-gnu-emacs@gnu.org; Wed, 18 Dec 2013 17:50:09 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:43800) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VtPwJ-00059D-3x for bug-gnu-emacs@gnu.org; Wed, 18 Dec 2013 17:50:03 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1VtPwI-0002d9-LF for bug-gnu-emacs@gnu.org; Wed, 18 Dec 2013 17:50:02 -0500 Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-To: bug-gnu-emacs@gnu.org Resent-Date: Wed, 18 Dec 2013 22:50:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 13374 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Mail-Followup-To: 13374@debbugs.gnu.org, tzz@lifelogs.com, alxchk@gmail.com Original-Received: via spool by 13374-done@debbugs.gnu.org id=D13374.138740697210060 (code D ref 13374); Wed, 18 Dec 2013 22:50:02 +0000 Original-Received: (at 13374-done) by debbugs.gnu.org; 18 Dec 2013 22:49:32 +0000 Original-Received: from localhost ([127.0.0.1]:57817 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VtPvj-0002c5-In for submit@debbugs.gnu.org; Wed, 18 Dec 2013 17:49:31 -0500 Original-Received: from mail-qc0-f178.google.com ([209.85.216.178]:51081) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VtPve-0002bu-CQ for 13374-done@debbugs.gnu.org; Wed, 18 Dec 2013 17:49:26 -0500 Original-Received: by mail-qc0-f178.google.com with SMTP id i17so282336qcy.37 for <13374-done@debbugs.gnu.org>; Wed, 18 Dec 2013 14:49:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=mzN+23qg7wQyoynn7+A6rvjg1kavLhB42Lk0aNaGTEg=; b=XhhgJeg6UEkf5e8iIx/cQK8PZvNPUE+ePXVQJMyqqIx/O+EdM8CFgf/EHu8PTHRqc3 jfQpyKSIR6fcc+6aghxegyC/7yElTF6PCx3BzpWLwTc/ZI3ZgHGP+581BeOyoHtQLRqd 9xzJlZoZF93Z805S88SB3SPDhuC2+0JpOPdyA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=mzN+23qg7wQyoynn7+A6rvjg1kavLhB42Lk0aNaGTEg=; b=SopTyetmm5w3R4wtqjx+OfLMgIGu04aNlnEcm87t1qCHBKjYULSTTdz2UqZHTpljBf mnK7EdeJ5G+gEeA9wAVH5ygLDxKIReiWHFRLM2L89m5SsS8VyJ0UbDsyByo+Utk9/syV bDfRUgrBMUnmn2sUd1cAd0ylpjx7d8n7vQ+zvOxJZBC4ok1kZ17QhjN5GJZ5AfgHD27s 1CXNHUeHVXJC0KHR44Zk0VIKsecJkTnfDDww7JF4zPpbAz1jsieEkQU5i8tYvYWxzN+t /kGPH2ZE+vsAzsl/z3DYbR2L38Wf7rURj2DgpRQz29tDIC1rAZmzqKHjL34o29AU96z1 M5Aw== X-Gm-Message-State: ALoCoQlZQSdVd65QLHdxU1ZOKJvMucw8Wp5gW+DPfja9E/mcJ4YpWr73qskGBNNQeVKD1RVJCk62 X-Received: by 10.224.80.4 with SMTP id r4mr57541481qak.69.1387406961780; Wed, 18 Dec 2013 14:49:21 -0800 (PST) Original-Received: from flea.lifelogs.com (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id r5sm4224715qan.4.2013.12.18.14.49.20 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 18 Dec 2013 14:49:20 -0800 (PST) X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes In-Reply-To: (Stefan Monnier's message of "Tue, 08 Jan 2013 12:06:08 -0500") User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:82196 Archived-At: On Tue, 08 Jan 2013 12:06:08 -0500 Stefan Monnier wrote: >>> It should default to nil (in other words, we'll ship 24.3 with the same >>> insecure behavior it has right now). But we can recommend to the users >>> to turn it on, and see how well it works in practice, and write the >>> necessary prompts and customization logic that Lars outlined. >> I think we should just leave things as is for 24.3, since it's too close >> to release, and fix this properly for 24.5. SM> I tend to agree, although, if the patch is sufficiently trivial, it SM> could be accepted (e.g. define a new custom var, with nil default value SM> and splice it somewhere in the code where nil makes no difference). >> Instituting an option like that (which will have to be abandoned >> later) as a stop-gap I feel isn't all that helpful. SM> If the option will have to be abandoned, then it's indeed a loser, but SM> I thought the idea is that this option will stay and the added code in SM> 24.4 will "simply" be handling errors more cleverly and prompting the SM> user to update this option on-the-fly. This is done for the upcoming release. Marking this as done. Ted