From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 23 Jun 2018 14:26:36 +0300
Message-ID: <83a7rlvj4j.fsf@gnu.org>
References: <83po0iuhs7.fsf@gnu.org>
To: Jimmy Yuen Ho Wong
Cc: larsi@gnus.org, eggert@cs.ucla.edu, npostavs@gmail.com, emacs-devel@gnu.org

> From: Jimmy Yuen Ho Wong
> Date: Sat, 23 Jun 2018 11:21:49 +0100
> Cc: Noam Postavsky, Paul Eggert,
>  Lars Ingebrigtsen, emacs-devel@gnu.org
>
> > Can we bump gnutls-min-prime-bits to 1024 on the release branch?
>
> No, I don't think so. Changing these settings needs a prolonged
> testing period to uncover any subtle problems with non-conforming
> servers that users must be able to access, and such testing is
> unlikely to happen on emacs-26 before the next bug-fix release.
>
> If we change this now on emacs-26, we should probably not release
> Emacs 26.2 before a year goes by.
>
> I don't understand this. Just because a small amount of people need 256 bit default to connect to some
> non-conforming servers, you think the trade-off should be to use a default that puts the vast majority of Emacs
> users at risk out of the box?

No, you are missing my point, I think. I'm saying that changes in
these areas tend to cause unintended breakage, and it takes time to
uncover those and fix them. We cannot risk such breakage on the
release branch without delaying the next bug-fix release too much.

IOW, this is about the relative importance of other bugs we fixed
since 26.1 and need to be released soon, and this particular issue,
which isn't new.