From: Paul Eggert <eggert@cs.ucla.edu>
To: Robert Pluim <rpluim@gmail.com>, Eli Zaretskii <eliz@gnu.org>
Cc: jwiegley@gmail.com, 28597@debbugs.gnu.org, nljlistbox2@gmail.com
Subject: bug#28597: 26.0.60; [Security] Configure should use --without-pop by default
Date: Mon, 2 Oct 2017 11:23:05 -0700 [thread overview]
Message-ID: <d22d954c-3436-2c56-8baf-333865c75872@cs.ucla.edu> (raw)
In-Reply-To: <873771wm1y.fsf@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 414 bytes --]
Thanks for working on this. However, Eli asked for --with-pop to remain
the default on native MS-Windows. Also, I found the newly-added warnings
confusing (though admittedly everything is confusing here :-).
How about the attached patch instead? It does not change the
configure-time warnings. It merely changes the default, so that
--without-pop is now the default on platforms other than native MS-Windows.
[-- Attachment #2: 0001-with-pop-is-now-the-default-only-on-MS-Windows.patch --]
[-- Type: text/x-patch, Size: 3603 bytes --]
From 0e6c02134df40b56ca3b100ae0cc1a9d957a6e7f Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 2 Oct 2017 11:17:36 -0700
Subject: [PATCH] --with-pop is now the default only on MS-Windows
Problem reported by N. Jackson (Bug#28597).
This improves an earlier suggestion by Robert Pluim (Bug#28597#47).
* INSTALL, configure.ac, etc/NEWS:
Make --with-pop the default only on native MS-Windows.
---
INSTALL | 6 ++++--
configure.ac | 19 +++++++++++++------
etc/NEWS | 5 +++--
3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/INSTALL b/INSTALL
index e76e843ce2..e93b3064fc 100644
--- a/INSTALL
+++ b/INSTALL
@@ -273,8 +273,10 @@ a POP3 server by default. Versions of the POP protocol older than
POP3 are not supported. While POP3 support is typically enabled,
whether Emacs actually uses POP3 is controlled by individual users;
see the Rmail chapter of the Emacs manual. Unless --with-mailutils is
-in effect, it is a good idea to configure --without-pop so that users
-are less likely to inadvertently read email via insecure channels.
+in effect, it is a good idea to configure without POP3 support so that
+users are less likely to inadvertently read email via insecure
+channels. On native MS-Windows, --with-pop is the default; on other
+platforms, --without-pop is the default.
For image support you may have to download, build, and install the
appropriate image support libraries for image types other than XBM and
diff --git a/configure.ac b/configure.ac
index eb2c684040..3feac73bed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,9 +232,9 @@ AC_DEFUN
m4_bpatsubst([with_$1], [[^0-9a-z]], [_])=$with_features])dnl
])dnl
-# FIXME: The default options '--without-mailutils --with-pop' result
-# in a movemail implementation that supports only unencrypted POP3
-# connections. Encrypted connections should be the default.
+# For retrieving mail, unencrypted network connections are the default
+# only on native MS-Windows platforms. (FIXME: These platforms should
+# also be secure by default.)
AC_ARG_WITH([mailutils],
[AS_HELP_STRING([--with-mailutils],
@@ -251,9 +251,16 @@ AC_DEFUN
fi
AC_SUBST([with_mailutils])
-OPTION_DEFAULT_ON([pop],
- [don't support POP mail retrieval with movemail (--without-pop or
- --with-mailutils is recommended, as movemail POP is insecure)])
+AC_ARG_WITH([pop],
+ [AS_HELP_STRING([--with-pop],
+ [Support POP mail retrieval if Emacs movemail is used (not recommended,
+ as Emacs movemail POP is insecure). This is the default only on
+ native MS-Windows.])],
+ [],
+ [case $host in
+ *-mingw*) with_pop=yes;;
+ *) with_pop=no;;
+ esac])
if test "$with_pop" = yes; then
AC_DEFINE(MAIL_USE_POP)
fi
diff --git a/etc/NEWS b/etc/NEWS
index b734e8dd19..62d2450f9a 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -35,8 +35,9 @@ GNU Mailutils to retrieve email. It is recommended, and is the
default if GNU Mailutils is installed. When --with-mailutils is not
in effect, the Emacs build procedure by default continues to build and
install a limited 'movemail' substitute that retrieves POP3 email only
-via insecure channels; to avoid this problem, use either
---with-mailutils or --without-pop when configuring.
+via insecure channels. To avoid this problem, use either
+--with-mailutils or --without-pop when configuring; --without-pop
+is the default on platforms other than native MS-Windows.
** The new option 'configure --enable-gcc-warnings=warn-only' causes
GCC to issue warnings without stopping the build. This behavior is
--
2.13.6
next prev parent reply other threads:[~2017-10-02 18:23 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-25 15:11 bug#28597: 26.0.60; [Security] Configure should use --without-pop by default N. Jackson
2017-09-25 15:21 ` John Wiegley
2017-09-26 9:13 ` Robert Pluim
2017-09-26 15:39 ` Glenn Morris
2017-09-26 17:22 ` Paul Eggert
2017-09-26 18:51 ` John Wiegley
2017-09-29 13:14 ` Eli Zaretskii
2017-09-29 14:05 ` Robert Pluim
2017-09-29 17:42 ` Eli Zaretskii
2017-09-29 20:04 ` Robert Pluim
2017-10-02 16:29 ` Robert Pluim
2017-10-02 18:23 ` Paul Eggert [this message]
2017-10-03 8:09 ` Robert Pluim
2017-10-03 14:34 ` Eli Zaretskii
2017-10-03 15:03 ` Robert Pluim
2017-10-03 15:42 ` Eli Zaretskii
2017-10-03 22:47 ` Paul Eggert
2017-10-04 7:14 ` Robert Pluim
2017-10-16 2:34 ` Noam Postavsky
2017-09-29 16:07 ` N. Jackson
2017-09-29 17:53 ` Eli Zaretskii
2017-09-29 18:14 ` N. Jackson
2017-09-29 19:11 ` Eli Zaretskii
2017-10-02 17:22 ` N. Jackson
2017-10-02 17:32 ` Eli Zaretskii
2017-10-02 18:00 ` Paul Eggert
2017-10-02 18:47 ` Eli Zaretskii
2017-10-02 23:20 ` Paul Eggert
2017-10-03 2:29 ` Eli Zaretskii
2017-10-03 14:29 ` N. Jackson
2017-10-03 14:55 ` Robert Pluim
2017-10-03 15:43 ` Eli Zaretskii
2017-10-02 18:00 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d22d954c-3436-2c56-8baf-333865c75872@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=28597@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=jwiegley@gmail.com \
--cc=nljlistbox2@gmail.com \
--cc=rpluim@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).