From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stephen J. Turnbull" Newsgroups: gmane.emacs.devel Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL. Date: Wed, 29 Oct 2014 11:33:43 +0900 Message-ID: <87a94f4naw.fsf@uwakimon.sk.tsukuba.ac.jp> References: <20141022193441.GA11872@roeckx.be> <87zjcnj2k6.fsf@trouble.defaultvalue.org> <87mw8mzmxj.fsf@mid.deneb.enyo.de> <20141023143702.3897e618@jabberwock.cb.piermont.com> <8761fazkx7.fsf@mid.deneb.enyo.de> <20141023145721.12ed0820@jabberwock.cb.piermont.com> <87vbnay5lf.fsf@mid.deneb.enyo.de> <20141023154223.45f2c9eb@jabberwock.cb.piermont.com> <874muuihjh.fsf@uwakimon.sk.tsukuba.ac.jp> <20141023230048.13f8234a@jabberwock.cb.piermont.com> <87wq7pgpif.fsf@uwakimon.sk.tsukuba.ac.jp> <20141024171421.78720abe@jabberwock.cb.piermont.com> <87r3xxgmx2.fsf@uwakimon.sk.tsukuba.ac.jp> <20141024204202.276dbb1f@jabberwock.cb.piermont.com> <8738a95t6b.fsf@uwakimon.sk.tsukuba.ac.jp> <20141027153954.08930677@jabberwock.cb.piermont.com> <87lho04qvn.fsf@uwakimon.sk.tsukuba.ac.jp> <20141028111032.19366491@jabberwock.cb.piermont.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 X-Trace: ger.gmane.org 1414550065 774 80.91.229.3 (29 Oct 2014 02:34:25 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 29 Oct 2014 02:34:25 +0000 (UTC) Cc: Florian Weimer , rms@gnu.org, kurt@roeckx.be, Rob Browning , emacs-devel@gnu.org To: "Perry E. Metzger" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Oct 29 03:34:18 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XjJ5R-0003Dw-Sr for ged-emacs-devel@m.gmane.org; Wed, 29 Oct 2014 03:34:14 +0100 Original-Received: from localhost ([::1]:42350 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XjJ5R-0000qJ-3F for ged-emacs-devel@m.gmane.org; Tue, 28 Oct 2014 22:34:13 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48445) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XjJ59-0000pk-QL for emacs-devel@gnu.org; Tue, 28 Oct 2014 22:34:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XjJ51-0003X7-AI for emacs-devel@gnu.org; Tue, 28 Oct 2014 22:33:55 -0400 Original-Received: from shako.sk.tsukuba.ac.jp ([130.158.97.161]:54378) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XjJ51-0003Vz-0S; Tue, 28 Oct 2014 22:33:47 -0400 Original-Received: from uwakimon.sk.tsukuba.ac.jp (uwakimon.sk.tsukuba.ac.jp [130.158.99.156]) by shako.sk.tsukuba.ac.jp (Postfix) with ESMTP id 32DCB1C3A54; Wed, 29 Oct 2014 11:33:43 +0900 (JST) Original-Received: by uwakimon.sk.tsukuba.ac.jp (Postfix, from userid 1000) id 241771A27CF; Wed, 29 Oct 2014 11:33:43 +0900 (JST) In-Reply-To: <20141028111032.19366491@jabberwock.cb.piermont.com> X-Mailer: VM undefined under 21.5 (beta34) "kale" acf1c26e3019 XEmacs Lucid (x86_64-unknown-linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 130.158.97.161 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:175958 Archived-At: Perry E. Metzger writes: > Name calling is pretty much always a bad idea in a rational > discussion. It adds nothing. Defending it as though it were some > valid form of argumentation is ridiculous. OK. Have some valid argumentation: So far I have seen "Perry E. Metzger " advocate nothing but extreme positions, often as slogans ("only one mode, and that is secure"), without backing them up with the relevant facts on *both* sides of the argument so that others can judge "the balance" for themselves. Others, whose opinions I have seen to be substantiated in the past, acknowledge that while there is some justice to the central claim ("fallback to SSL3 is dangerous"), there is also controversy among experts about how serious the danger of SSL3 is in various contexts. Instead of addressing that in the context of Emacs, he provides anecdotes about unrelated systems, where the danger is obvious to any layman, as evidence of how serious things *can* get, but is unwilling to provide facts about the actual uptake of his recommendations even in these extreme use cases, despite the fact that the central vulnerability of his argument is that users will choose to avoid upgrades because of the inconvenience of the additional security. I see no reason at present to expect him to provide balance in the future or account for other values such as user inconvenience in making his assessments, and therefore discount his recommendations in spite of his evident technical expertise and experience. I recommend to others that they be careful of accepting his policy recommendations in this context despite his expertise, and demand more careful argument than he has provided so far, as so far I have seen only extreme policies appropriate for extreme use cases. But the policies are not obviously appropriate for Emacs, and I don't see a valid analogy to Emacs in the use cases. All OK now, right? N.B. As you have probably recognized, the above is argument ad hominem, and does not directly address the issues involved. But that form of argument is appropriate in this case, because the point is that, despite your expertise, you haven't addressed them either. Instead, you have relied on the fact of your expertise (argumentum ad hominem itself!) and a few specious analogies, rather than the facts of *this* case.