From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@IRO.UMontreal.CA>
Newsgroups: gmane.emacs.bugs
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Thu, 26 Jan 2012 12:28:47 -0500
Message-ID: <jwv7h0e751z.fsf-monnier+emacs@gnu.org>
References: <87mxgcffq1.fsf@niu.edu> <87k44ffsdu.fsf@lifelogs.com>
	<jwv4nvj1awv.fsf-monnier+emacs@gnu.org> <87aa5aa38p.fsf@lifelogs.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1327599693 27214 80.91.229.12 (26 Jan 2012 17:41:33 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Thu, 26 Jan 2012 17:41:33 +0000 (UTC)
Cc: 9113@debbugs.gnu.org
To: Roland Winkler <winkler@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jan 26 18:41:29 2012
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RqTKC-0007IK-HO
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2012 18:41:28 +0100
Original-Received: from localhost ([::1]:51066 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RqTKB-0006hm-Tx
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2012 12:41:27 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:54003)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqTK3-000688-8U
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 12:41:25 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqT8b-0005On-WC
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 12:29:35 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:40381)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqT8b-0005Og-Tz
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 12:29:29 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqT98-0001AS-Hf
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 12:30:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Stefan Monnier <monnier@IRO.UMontreal.CA>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 26 Jan 2012 17:30:02 +0000
Resent-Message-ID: <handler.9113.B9113.13275989654413@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 9113
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 9113-submit@debbugs.gnu.org id=B9113.13275989654413
	(code B ref 9113); Thu, 26 Jan 2012 17:30:02 +0000
Original-Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 17:29:25 +0000
Original-Received: from localhost ([127.0.0.1]:45768 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1RqT8W-000197-BU
	for submit@debbugs.gnu.org; Thu, 26 Jan 2012 12:29:24 -0500
Original-Received: from chene.dit.umontreal.ca ([132.204.246.20]:49355)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <monnier@iro.umontreal.ca>) id 1RqT8T-00018z-Nb
	for 9113@debbugs.gnu.org; Thu, 26 Jan 2012 12:29:22 -0500
Original-Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca
	[132.204.27.242])
	by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id q0QHSmbS001177; 
	Thu, 26 Jan 2012 12:28:48 -0500
Original-Received: by faina.iro.umontreal.ca (Postfix, from userid 20848)
	id 19F12B4431; Thu, 26 Jan 2012 12:28:48 -0500 (EST)
In-Reply-To: <87aa5aa38p.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 26
	Jan 2012 09:32:38 -0600")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0
X-NAI-Spam-Rules: 1 Rules triggered
	RV4113=0
X-NAI-Spam-Version: 2.2.0.9309 : core <4113> : streams <723202> : uri <1054170>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:56044
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/56044>

>>> The Emacs maintainers asked me to make the default unencrypted.  I don't
>>> think they will change their position.
SM> I can't remember exactly how we got there.  But I do agree that saving
SM> a password unencrypted by default is not a good idea.
> I don't recall exactly either.  But here's how we can proceed.  We have
> several options:
> 1) go back to authinfo.gpg as the first choice

I'm not sure what this means: how does it fix the problem, what other
consequences does it have?  E.g. will Emacs end up asking for my
password to read autoinfo.gpg even though the thing it's looking for is
not there?

> 2) use unencrypted authinfo with encrypted password tokens, which
>    looks like this:

> machine supertest password
> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=

That might be a good option.

> Additionally, we should decide if any of this is happening for 24.1.  I
> would really prefer to make the default more secure for 24.1.

IIRC for 23 the default was to keep the password for the current session
and not to store it in any file at all.  I think it's a better default
than writing it in clear in some file, so at least for 24.1 reverting to
the Emacs-23 default is very attractive.

Another option (the better long-term option) is to use an external
keychain service to handle these issues.  That's what we should focus on
for the "next time".


        Stefan