unofficial mirror of emacs-devel@gnu.org 
From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: auth-source change default spec
Date: Tue, 01 May 2012 10:00:17 -0400
Message-ID: <878vhcgfwu.fsf@lifelogs.com>
In-Reply-To: ruwr4xxu0j.fsf@news.eternal-september.org

On Mon, 30 Apr 2012 14:51:24 +0200 Richard Riley <rileyrg@gmail.com> wrote: 

RR> I would expect [`auth-sources'] should default to the most
RR> secure. And allow fall through on the search. Should you really
RR> want, for some really obscure reason, to prefer a plain text file
RR> for secure passwords over the .gpg then some sort of override could
RR> be implemented. I know I'd be pretty miffed if I saved passwords
RR> thinking they were going into .gpg only to have them read out to me
RR> at a later date by someone who got hold of the plaintext file.

The prompt clearly says "add entry to authinfo/authinfo.gpg?" when
entries are added automatically, and if you edit manually you should
know what you're editing.

The fall-through works just fine.  But if an entry is in the first file
in `auth-sources', and :max 1 is specified, there's no need to open a
bunch of files when we have an answer already.

On Tue, 1 May 2012 08:41:49 +1000 Tim Cross <theophilusx@gmail.com> wrote: 

TC> For me, the main question relating to this and usability is to what
TC> extent other platforms, like Windows, will have the necessary
TC> encryption facilities available such that having the encrypted version
TC> as default will not result in really broken or inconvenient behaviour
TC> for them. Not being a Windows user, I cannot assess this issue.

I can tell you it doesn't work on W32 and many other platforms.  We'd
need a native implementation of the OpenPGP packet format (probably
through libnettle).  If we had that, we could definitely use .gpg as the
default everywhere.  libcurl (thus Git and curl, among others) would
still be unable to use it, but at least you'd have Emacs-side consistency.

TC> Regardless of the style of authinfo file being used, my issue is that
TC> the library appears to only use the first choice in the auth-sources
TC> list even when it knows (at least should) there is a gpg file. In this
TC> situation, it should default to the gpg version, not to the first item
TC> in the auth-sources spec.

I disagree.  `auth-sources' specifies a search order and should not be
rearranged by the auth-source.el library.

TC> Unfortunately, I don't think asking the user to edit the auth-sources
TC> list is the right answer.

I think it's the only answer.  Why is it a problem to ask the user to do
`M-x customize-variable auth-sources'?  It's completely analogous with
the rest of Emacs' customization UI.

TC> I think this can be resolved fairly easily. If auth-sources has
TC> already found a .authinfo.gpg file in its initial search, then that
TC> should become the default file to store new credentials, regardless
TC> of what is first in auth-sources. 

I don't want to change the simple, clear logic of "save to the first
place you can."  Otherwise you'd have to pick between saving to
plist-store, Secrets API, or .gpg file.  Which one is right?

TC> In addition, it would be good to allow the user to [change] the
TC> destination filename at the prompt when asked if they want to save
TC> the current credentials.

That's a good idea.  Maybe offer a choice between the various entries in
`auth-sources' that can save.

TC> Note also, the auth-sources manual is a bit misleading. It states that
TC> the gpg version will be searched first. If I understand correctly,
TC> this is not the case - it depends on auth-sources.

Thanks, I've updated the manual in the Gnus repo and it should make its
way to Emacs.

TC> I will also need to check the meaning of :max 1 - I thought that meant
TC> the search should return a maximum of one result, not, as seems to be
TC> implied by the text in that bug report, that the library would only
TC> search a max of 1 file. Another (less desirable) solution would be for
TC> the library to continue to search all files until either it found a
TC> match or ran out of files. This would at least stop the bug we ran
TC> into because auth-source created a .authinfo file when we already had
TC> an .authinfo.gpg file.

`auth-source-search' will pass :max to each parser, which will stop when
it finds enough entries.  So if there are 3 files and the second one has
the entry, `auth-source-search' will open 2 files for parsing.  :max
definitely does not refer to the number of files to check.

Ted
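
The following is an added example, not part of the message above and not code from auth-source.el. It sets up the three-file case described in the last paragraph so the `:max 1' behaviour can be checked locally. The `my/demo-' function names, the temporary files, and the host, user and password values are all constructed for illustration.

```elisp
;; Added example. Everything named my/demo-* is hypothetical, and the
;; netrc lines below are constructed sample data, not real credentials.
(require 'auth-source)

(defun my/demo-write-netrc (line)
  "Write LINE to a fresh temporary netrc-format file and return its name."
  (let ((file (make-temp-file "authinfo-demo-")))
    (with-temp-file file
      (insert line "\n"))
    file))

(defun my/demo-max-semantics ()
  "Search three sources in order with :max 1 and return what was found.
Each result is a list (HOST USER SECRET).  The first file has no
matching entry; the second and third both do."
  (let* ((f1 (my/demo-write-netrc
              "machine other.example login alice password pw-from-file-1"))
         (f2 (my/demo-write-netrc
              "machine mail.example login bob password pw-from-file-2"))
         (f3 (my/demo-write-netrc
              "machine mail.example login bob password pw-from-file-3"))
         ;; `auth-sources' is the search order; it is bound only for
         ;; the duration of this call so the user's setting is untouched.
         (auth-sources (list f1 f2 f3))
         ;; Disable the result cache so every call really searches.
         (auth-source-do-cache nil))
    (unwind-protect
        (mapcar
         (lambda (entry)
           (let ((secret (plist-get entry :secret)))
             (list (plist-get entry :host)
                   (plist-get entry :user)
                   ;; The netrc backend wraps the secret in a function.
                   (if (functionp secret) (funcall secret) secret))))
         (auth-source-search :host "mail.example" :user "bob" :max 1))
      ;; Always remove the plaintext sample files.
      (mapc #'delete-file (list f1 f2 f3)))))

;; Evaluate (my/demo-max-semantics) and compare the returned secret with
;; the three sample passwords to see which file answered the search.
```

Since new entries are saved to the first source in `auth-sources' that can save, the same ordering decides whether a credential ends up in a .gpg file or a plaintext one.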



