From: Ted Zlatanov <tzz@lifelogs.com>
To: "João Távora" <joaotavora@gmail.com>, "Eli Zaretskii" <eliz@gnu.org>
Cc: 14380@debbugs.gnu.org, emacs-devel@gnu.org
Subject: bug#14380: 24.3; `network-stream-open-tls' fails in some imap servers on w32
Date: Sat, 18 May 2013 23:17:02 -0400 [thread overview]
Message-ID: <87zjvr64lt.fsf_-___27816.1553120755$1368933473$gmane$org@lifelogs.com> (raw)
In-Reply-To: <CALDnm51ZBQn_T0w43TfNiui+nfBcJL5z_4egAXmtwdHOW3qCXQ@mail.gmail.com> ("João Távora"'s message of "Sat, 18 May 2013 14:05:47 +0100")
(CC to emacs-devel as I think this discussion is relevant there)
On Sat, 18 May 2013 14:05:47 +0100 João Távora <joaotavora@gmail.com> wrote:
JT> The point [is] that needing external libraries which are not always
JT> bundled doesn't make it very "builtin".
I'm not bringing GnuTLS into the Emacs source tree, which is the only
other way to make it built-in functionality. I understand there are
issues with external dependencies and in fact I asked that we bundle the
GnuTLS W32 DLLs with the W32 Emacs builds. That led to a long
discussions about how that makes security our responsibility and how we
then need to deal with GnuTLS updates, and I didn't have a strong desire
to become a W32 distribution expert since I barely know that platform.
No one else picked it up, and there we are with "install it yourself" as
the recommended way to get GnuTLS to work on W32.
>> I've seen dozens of bugs related to "almost working" external TLS
>> binaries on all platforms.
JT> Yes, but have you looked closely at this particular one? The point is rather
JT> to increase robustness. That is, `open-tls-stream` could/should promise
JT> to cleanup the process buffer of its handshake garbage, so that future
JT> functions that use that resource don't see it and don't get confused by it.
JT> I'm assuming they don't need to see it, I might be wrong.
I'm not able to fix this bug or work on bugs in the external SSL/TLS support.
JT> But if I'm right and that fix is performed then you've effectively extended
JT> "imap just works" the set of W32 emacs users who type "M-x gnus" on a
JT> vanilla emacs in a system with some cygwin installation in PATH. Maybe it's
JT> a small set but I'm in it (when I'm at work).
Wouldn't you rather get GnuTLS to work by default? Otherwise we serve
the use case "I have no secure transport, so let me use a hack by
default."
>> GnuTLS integration with Emacs. My vote is to require GnuTLS with Emacs
>> and to only support it, but there are some questions there, mainly for
>> W32 and Mac OS X: do we auto-update GnuTLS? What happens when the
>> GnuTLS we install conflicts with another system install? And so on...
JT> That's all fine, I guess. I vote for that too :-)
The big problem for me is that I don't have the time or platform
knowledge to write a GnuTLS auto-installer and updater for those two
problematic platforms. The GnuTLS developers don't want to provide this
service either. Who will be responsible to it? What happens when a
security vulnerability hits the DLLs we distribute with Emacs?
My proposal would be to push out the next Emacs bundled with the latest
GnuTLS DLLs, only support GnuTLS, provide users with instructions on
updating them, and treat GnuTLS vulnerabilities as Emacs
vulnerabilities. This is not ideal but IMO better than the current
situation.
Ted
next prev parent reply other threads:[~2013-05-19 3:17 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87k3mw79iv.fsf@lifelogs.com>
2013-05-18 13:05 ` bug#14380: [gmane.emacs.bugs] bug#14380: 24.3; `network-stream-open-tls' fails in some imap servers on w32 João Távora
2013-05-19 3:17 ` Ted Zlatanov [this message]
[not found] ` <87zjvr64lt.fsf_-_@lifelogs.com>
2013-05-19 11:45 ` João Távora
2013-05-19 15:32 ` Eli Zaretskii
2013-05-20 13:56 ` Ted Zlatanov
2013-05-20 16:28 ` Eli Zaretskii
2013-05-24 19:48 ` Ted Zlatanov
2013-05-24 20:27 ` Eli Zaretskii
2013-05-10 12:49 ` João Távora
2013-05-10 14:00 ` Eli Zaretskii
2013-05-10 16:00 ` João Távora
2013-05-10 17:17 ` Eli Zaretskii
2013-05-10 20:44 ` João Távora
2013-05-11 7:06 ` Eli Zaretskii
2013-05-17 13:12 ` Ted Zlatanov
2013-05-24 22:20 ` Ted Zlatanov
2013-05-25 6:49 ` Eli Zaretskii
[not found] ` <CALDnm50KHS7wOKUpQJQHb4V_PLfQs6VkjEsRmPgY=R5x0eEuUg@mail.gmail.com>
2013-05-19 15:44 ` Eli Zaretskii
2013-05-19 17:57 ` João Távora
2013-05-19 19:01 ` Eli Zaretskii
2013-05-19 23:05 ` Ted Zlatanov
[not found] ` <87txly4ll9.fsf@lifelogs.com>
2013-05-20 2:08 ` Juanma Barranquero
2013-05-20 22:07 ` João Távora
[not found] ` <CALDnm51-4aTee3NGoRp+=T6MuTV3xD9P4Ed1yZLU_E5k_r5hGw@mail.gmail.com>
2013-06-05 15:06 ` Ted Zlatanov
[not found] ` <87obbk1trn.fsf@lifelogs.com>
2013-06-05 16:42 ` Glenn Morris
2013-06-05 18:10 ` Ted Zlatanov
2013-06-08 0:58 ` Glenn Morris
2013-06-06 8:15 ` João Távora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='87zjvr64lt.fsf_-___27816.1553120755$1368933473$gmane$org@lifelogs.com' \
--to=tzz@lifelogs.com \
--cc=14380@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=joaotavora@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).