From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: auth-source change default spec
Date: Tue, 01 May 2012 10:00:17 -0400
Message-ID: <878vhcgfwu.fsf@lifelogs.com>
References: <87zk9to1bh.fsf@lifelogs.com>

On Mon, 30 Apr 2012 14:51:24 +0200 Richard Riley wrote:

RR> I would expect [`auth-sources'] should default to the most
RR> secure. And allow fall through on the search. Should you really
RR> want, for some really obscure reason, to prefer a plain text file
RR> for secure passwords over the .gpg then some sort of override could
RR> be implemented. I know I'd be pretty miffed if I saved passwords
RR> thinking they were going into .gpg only to have them read out to me
RR> at a later date by someone who got hold of the plaintext file.

The prompt clearly says "add entry to authinfo/authinfo.gpg?" when
entries are added automatically, and if you edit manually you should
know what you're editing.

The fall-through works just fine. But if an entry is in the first file
in `auth-sources', and :max 1 is specified, there's no need to open a
bunch of files when we have an answer already.

On Tue, 1 May 2012 08:41:49 +1000 Tim Cross wrote:

TC> For me, the main question relating to this and usability is to what
TC> extent other platforms, like windows, will have the necessary
TC> encryption facilities available such that having the encrypted version
TC> as default will not result in really broken or inconvenient behaviour
TC> for them. Not being a windows user, I cannot assess this issue.

I can tell you it doesn't work on W32 and many other platforms. We'd
need a native implementation of the OpenPGP packet format (probably
through libnettle). If we had that, we could definitely use .gpg as the
default everywhere. libcurl (thus Git and curl, among others) would
still be unable to use it, but at least you'd have Emacs-side
consistency.

TC> Regardless of the style of authinfo file being used, my issue is that
TC> the library appears to only use the first choice in the auth-sources
TC> list even when it knows (at least should) there is a gpg file. In this
TC> situation, it should default to the gpg version, not to the first item
TC> in the auth-sources spec.

I disagree. `auth-sources' specifies a search order and should not be
rearranged by the auth-source.el library.

TC> Unfortunately, I don't think asking the user to edit the auth-sources
TC> list is the right answer.

I think it's the only answer. Why is it a problem to ask the user to do
`M-x customize-variable auth-sources'? It's completely analogous with
the rest of Emacs' customization UI.

TC> I think this can be resolved fairly easily. If auth-sources has
TC> already found a .authinfo.gpg file in its initial search, then that
TC> should become the default file to store new credentials, regardless
TC> of what is first in auth-sources.

I don't want to change the simple, clear logic of "save to the first
place you can." Otherwise you'd have to pick between saving to
plist-store, Secrets API, or .gpg file. Which one is right?

TC> In addition, it would be good to allow the user to [change] the
TC> destination filename at the prompt when asked if they want to save
TC> the current credentials.

That's a good idea. Maybe offer a choice between the various entries in
`auth-sources' that can save.

TC> Note also, the auth-sources manual is a bit misleading. It states that
TC> the gpg version will be searched first. If I understand correctly,
TC> this is not the case - it depends on auth-sources.

Thanks, I've updated the manual in the Gnus repo and it should make its
way to Emacs.

TC> I will also need to check the meaning of :max 1 - I thought that meant
TC> the search should return a maximum of one result, not, as seems to be
TC> implied by the text in that bug report, that the library would only
TC> search a max of 1 file. Another (less desirable) solution would be for
TC> the library to continue to search all files until either it found a
TC> match or ran out of files. This would at least stop the bug we ran
TC> into because auth-source created a .authinfo file when we already had
TC> an .authinfo.gpg file.

`auth-source-search' will pass :max to each parser, which will stop when
it finds enough entries. So if there are 3 files and the second one has
the entry, `auth-source-search' will open 2 files for parsing. :max
definitely does not refer to the number of files to check.

Ted
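
The search-order behaviour discussed above, as an added Emacs Lisp example that is not part of the original message or of auth-source.el: it puts the encrypted file first in `auth-sources', reports whether the first file entry is plaintext, and does a `:max 1' lookup. The `my/' functions are hypothetical, and the audit looks only at file entries, not at Secrets API or other backends.

```elisp
;;; Added example; the `my/' names are hypothetical, not auth-source.el API.
(require 'auth-source)
(require 'seq)

;; Plaintext first: it is searched first and is the first place a new
;; entry can be saved, even though an encrypted file is also listed.
;; (setq auth-sources '("~/.authinfo" "~/.authinfo.gpg"))

;; Encrypted file first.  Remove "~/.authinfo" altogether when no other
;; program needs to read it.
(setq auth-sources '("~/.authinfo.gpg" "~/.authinfo"))

(defun my/auth-source-entry-file (entry)
  "Return the file named by ENTRY of `auth-sources', or nil.
ENTRY may be a file name string or a plist with a :source string.
Symbols and \"secrets:...\" strings name non-file backends."
  (let ((src (cond ((stringp entry) entry)
                   ((consp entry) (plist-get entry :source)))))
    (and (stringp src)
         (not (string-prefix-p "secrets:" src))
         (not (string-prefix-p "macos-keychain-" src))
         src)))

(defun my/auth-source-first-file ()
  "Return the first file entry of `auth-sources', expanded, or nil."
  (let ((file (seq-some #'my/auth-source-entry-file auth-sources)))
    (and file (expand-file-name file))))

(defun my/auth-source-audit ()
  "Say whether the first file in `auth-sources' is a .gpg file."
  (interactive)
  (let ((file (my/auth-source-first-file)))
    (cond ((null file) (message "auth-sources: no file entries"))
          ((string-suffix-p ".gpg" file)
           (message "auth-sources: first file is encrypted: %s" file))
          (t (message "auth-sources: first file is PLAINTEXT: %s" file)))))

(defun my/auth-source-user-for (host)
  "Return the :user of the first entry matching HOST, or nil.
:max 1 caps the number of results; sources are still tried in
`auth-sources' order until one of them yields an entry."
  (plist-get (car (auth-source-search :host host :max 1)) :user))
```

Run `M-x my/auth-source-audit' after changing `auth-sources' to confirm which file comes first.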