From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: package.el + DVCS for security and convenience Date: Mon, 31 Dec 2012 06:18:11 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87ip7i5v2k.fsf@lifelogs.com> References: <8738zf70ep.fsf@riseup.net> <871uejlbm1.fsf@lifelogs.com> <87obhmzl2f.fsf@bzg.ath.cx> <20121222141742.7494b429fe36e5ccef50cf6f@gmail.com> <87d2y2w9j5.fsf@uwakimon.sk.tsukuba.ac.jp> <87wqwas0gr.fsf@bzg.ath.cx> <87d2y2p6d7.fsf@bzg.ath.cx> <87sj6xg9p2.fsf_-_@lifelogs.com> <87k3s78hsc.fsf@lifelogs.com> <874njbuen3.fsf@uwakimon.sk.tsukuba.ac.jp> <87bodg7v1t.fsf@lifelogs.com> <87d2xwtcqo.fsf@uwakimon.sk.tsukuba.ac.jp> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1356952717 12181 80.91.229.3 (31 Dec 2012 11:18:37 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 31 Dec 2012 11:18:37 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Dec 31 12:18:53 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TpdON-0001vY-R3 for ged-emacs-devel@m.gmane.org; Mon, 31 Dec 2012 12:18:52 +0100 Original-Received: from localhost ([::1]:43485 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TpdO8-0003nJ-WF for ged-emacs-devel@m.gmane.org; Mon, 31 Dec 2012 06:18:37 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:43047) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TpdO6-0003nE-Ne for emacs-devel@gnu.org; Mon, 31 Dec 2012 06:18:35 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TpdO5-0000FX-CR for emacs-devel@gnu.org; Mon, 31 Dec 2012 06:18:34 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:48470) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TpdO5-0000FR-5c for emacs-devel@gnu.org; Mon, 31 Dec 2012 06:18:33 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1TpdOF-0001mV-La for emacs-devel@gnu.org; Mon, 31 Dec 2012 12:18:43 +0100 Original-Received: from c-65-96-148-157.hsd1.ma.comcast.net ([65.96.148.157]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 31 Dec 2012 12:18:43 +0100 Original-Received: from tzz by c-65-96-148-157.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 31 Dec 2012 12:18:43 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 46 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-65-96-148-157.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) Cancel-Lock: sha1:paobGS9PbhiBuSgYoWbfmPwCH4I= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:156019 Archived-At: On Thu, 27 Dec 2012 12:06:39 +0900 "Stephen J. Turnbull" wrote: SJT> Thing is, viewed from that point of view, I don't buy you (or Paul SJT> Eggert, for that matter) as an authority on security good enough, or SJT> available enough (which might extend to making security your day-in, SJT> day-out contribution to Emacs) to make such decisions *for all Emacs SJT> users*. You could sell me on that point, though. *You haven't SJT> tried.* That is what worries me. I know, from embarrassing personal SJT> experience, that smart people trying to be secure can be exploited. SJT> It's not a question of your skills as a programmer, it's your attitude SJT> as a "security officer" that doesn't thrill me. I do not plan to be a "security officer," to prove my credentials to your satisfaction, or to do it as a full-time job, yet I do plan to contribute to Emacs security like I have before, gradually and carefully after public discussion. I encourage you and others to do the same. >> (Also see my earlier suggestions about providing secure data >> storage at the C level, so Emacs is not as vulnerable to core dumps >> to find user passwords and other secrets. There are many areas to >> improve.) SJT> The question is, which ones can and should Emacs take responsibility SJT> for? Providing secure storage is surely one of them, because AFAIK SJT> users can't do that themselves with an external tool. I think you agree with the idea of secure storage being an Emacs facility. That is a long-term goal, like concurrency or lexical bindings. Similarly, Emacs needs a secure way to get data in and out of that storage from external files or data. Depending on an external binary tool, *long-term*, to provide this transfer is IMO a poor security decision for a platform such as Emacs. >> The OpenPGP protocol is described in http://tools.ietf.org/html/rfc4880 >> and thus fairly standard. Verifying a signature, in particular, does >> not require implementing the full protocol, SJT> No, it's not difficult to implement. But quis custodiet: what makes SJT> you think your implementation itself won't be vulnerable to attacks, SJT> many of which may not be under your implementation's control? Because it will be perfect, obviously. Ted