From: "Daiki Ueno"
Newsgroups: gmane.emacs.devel
Subject: Re: Moving files from lisp/gnus/ to lisp/net/?
Date: Thu, 8 Nov 2007 09:46:38 +0900
Message-ID: <54a15d860711071646u2c200961y69e7d684c7418a7a@mail.gmail.com>
References: <87y7dd2e0f.fsf@mocca.josefsson.org> <54a15d860711060601s2d85f32o5942939270a7e59e@mail.gmail.com>
To: rms@gnu.org
Cc: simon@josefsson.org, emacs-devel@gnu.org

2007/11/7, Richard Stallman:
> Even though read-passwd is not perfectly secure, it is far better than
> password caching in elisp. If read-passwd does password caching by
> itself and the docstring says so, thoughtless programmers will tend to
> use that feature in every case. That will cause spreading insecure
> code.
>
> I do not understand the argument you are making. I was talking about
> two alternatives for writing the Lisp code: one function and two
> functions. I don't know how to relate what you said to that choice.

I meant that the "two functions" approach is better than the "one
function" approach. The rationales are:

(1) the current read-passwd is reasonably secure (since it clears the
    passphrase strings it reads as much as possible).

(2) passphrase caching in elisp inherently has a risk of leaking
    passphrases to disks.

(3) if read-passwd caches passphrases when the optional argument is
    given, some people will misuse that new feature (perhaps by
    cutting and pasting existing code) even though the docstring of
    read-passwd explicitly states that behavior.

Regards,
--
Daiki Ueno
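
The "two functions" design argued for in the message above, as an added example (not part of the original message and not Emacs's own code): read-passwd is left untouched and caching lives in a separately named function that callers must pick on purpose. Every demo- name and the expiry value are assumptions made for illustration.

```elisp
;;; Added example; all `demo-' names are hypothetical.

(defvar demo-passphrase-cache (make-hash-table :test 'equal)
  "Map KEY to a cached passphrase string (hypothetical cache).")

(defvar demo-passphrase-cache-expiry 16
  "Seconds a cached passphrase is kept before it is cleared (assumed value).")

(defun demo-passphrase-forget (key)
  "Overwrite and drop the cached passphrase for KEY, if any."
  (let ((cached (gethash key demo-passphrase-cache)))
    (when (stringp cached)
      ;; Overwrite the string contents instead of only dropping the
      ;; reference, which would leave the text in memory until GC.
      (clear-string cached))
    (remhash key demo-passphrase-cache)))

(defun demo-read-passphrase-cached (prompt key)
  "Read a passphrase with PROMPT, keeping it under KEY for a short time.
Caching is opt-in: a caller gets it only by choosing this function by
name, never through an optional argument of `read-passwd'.
The returned string is a copy that the caller should `clear-string'."
  (let ((cached (gethash key demo-passphrase-cache)))
    (if cached
        (copy-sequence cached)
      (let ((fresh (read-passwd prompt)))
        ;; Cache a private copy so the caller can clear its own string
        ;; without emptying the cache entry.
        (puthash key (copy-sequence fresh) demo-passphrase-cache)
        ;; Expire the entry; an early expiry fails safe (user is re-prompted).
        (run-at-time demo-passphrase-cache-expiry nil
                     #'demo-passphrase-forget key)
        fresh))))

(defun demo-with-passphrase (prompt fn)
  "Non-caching path: read with plain `read-passwd', call FN, then clear.
FN receives the passphrase string; it is overwritten even if FN signals."
  (let ((pass (read-passwd prompt)))
    (unwind-protect
        (funcall fn pass)
      (clear-string pass))))
```

clear-string overwrites only the string object it is given, so any copy a caller makes elsewhere has to be cleared separately.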