From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@IRO.UMontreal.CA>
Newsgroups: gmane.emacs.bugs
Subject: bug#9113: 24.0.50;
	auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
	auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
	auth-sources: .authinfo versus .authinfo.gpg
Date: Thu, 26 Jan 2012 16:41:19 -0500
Message-ID: <jwvpqe65kh9.fsf-monnier+emacs@gnu.org>
References: <87mxgcffq1.fsf@niu.edu> <87k44ffsdu.fsf@lifelogs.com>
	<jwv4nvj1awv.fsf-monnier+emacs@gnu.org> <87aa5aa38p.fsf@lifelogs.com>
	<87mxgcffq1.fsf@niu.edu> <87k44ffsdu.fsf@lifelogs.com>
	<jwv4nvj1awv.fsf-monnier+emacs@gnu.org> <87aa5aa38p.fsf@lifelogs.com>
	<87mxgcffq1.fsf@niu.edu> <87k44ffsdu.fsf@lifelogs.com>
	<jwv4nvj1awv.fsf-monnier+emacs@gnu.org> <87aa5aa38p.fsf@lifelogs.com>
	<jwv7h0e751z.fsf-monnier+emacs@gnu.org>
	<87y5suuz85.fsf@Rainer.invalid> <87bopq6xng.fsf@lifelogs.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1327614382 7077 80.91.229.12 (26 Jan 2012 21:46:22 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Thu, 26 Jan 2012 21:46:22 +0000 (UTC)
Cc: 9113@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>,
	Roland Winkler <winkler@gnu.org>
To: Achim Gratz <Stromeko@nexgo.de>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jan 26 22:46:17 2012
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RqX95-0004AR-9Q
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2012 22:46:15 +0100
Original-Received: from localhost ([::1]:37036 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RqX94-0004mG-Is
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2012 16:46:14 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:43720)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqX90-0004LP-UD
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 16:46:12 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqX4U-0004wV-RV
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 16:41:32 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:40517)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqX4U-0004wO-Ij
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 16:41:30 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RqX50-0000sg-Oc
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2012 16:42:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Stefan Monnier <monnier@IRO.UMontreal.CA>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 26 Jan 2012 21:42:02 +0000
Resent-Message-ID: <handler.9113.B9113.13276141203376@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 9113
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 9113-submit@debbugs.gnu.org id=B9113.13276141203376
	(code B ref 9113); Thu, 26 Jan 2012 21:42:02 +0000
Original-Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 21:42:00 +0000
Original-Received: from localhost ([127.0.0.1]:45904 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1RqX4x-0000sP-8z
	for submit@debbugs.gnu.org; Thu, 26 Jan 2012 16:41:59 -0500
Original-Received: from chene.dit.umontreal.ca ([132.204.246.20]:43329)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <monnier@iro.umontreal.ca>) id 1RqX4u-0000sG-3G
	for 9113@debbugs.gnu.org; Thu, 26 Jan 2012 16:41:58 -0500
Original-Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca
	[132.204.27.242])
	by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id q0QLfK1u028270; 
	Thu, 26 Jan 2012 16:41:20 -0500
Original-Received: by faina.iro.umontreal.ca (Postfix, from userid 20848)
	id EC87AB4431; Thu, 26 Jan 2012 16:41:19 -0500 (EST)
In-Reply-To: <87bopq6xng.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 26
	Jan 2012 14:01:39 -0600")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0
X-NAI-Spam-Rules: 1 Rules triggered
	RV4113=0
X-NAI-Spam-Version: 2.2.0.9309 : core <4113> : streams <723245> : uri <1054288>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:56059
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/56059>

SM> That might be a good option.
> It works fairly well but it's hacky, and can't be shared with other
> programs.

Indeed, it's a major downside.

> I'd like to implement it with libnettle at least, so it doesn't depend
> on the external gpg utility.

But that would make it work even less with other programs.

LI> Yes.  But it will require the user to type in a password to get to the
LI> password.  :-)  And again, programs like Firefox defaults to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.

I don't know about you, but I don't let Firefox store my mailbox's
password.  I have a lot of passwords stored in Firefox's database, but
they're all things I don't really care about (e.g. passwords to log into
some stupid web-forums).

SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues.  That's what we should focus on
SM> for the "next time".
> Do you mean gpg-agent or the OS keychain?

I mean the keychain.

> Neither is available on all platforms consistently.

AFAIK all platforms have a keychain nowadays and it's the best place to
put sensitive passwords such as the ones used to access your IMAP server.

>>> IIRC for 23 the default was to keep the password for the current session
>>> and not to store it in any file at all.  I think it's a better default
>>> than writing it in clear in some file, so at least for 24.1 reverting to
>>> the Emacs-23 default is very attractive.
LI> Well, Emacs 23 just made you write the .authinfo file by hand.  Emacs 24
LI> prompts you for whether you want to store the password or not.  If you
LI> don't want to, say "n".

Yes, I guess it's good enough.

> One possible flow:
> If the user says `y' then we can ask (if `auth-sources' is 'ask) 
> "Do you want to keep your passwords in a GPG-encrypted file?"

> If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
> that EPA/EPG are enabled. If GPG is not available, what do we do? Use
> libnettle? Or explain and pretend they said `n'?

If GPG is not available, ask a different question, as in "It will be
saved in cleartext, is that OK?"


        Stefan