From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Re: movemail Date: Wed, 2 Aug 2017 17:35:12 +1000 Message-ID: References: <83a83k0yu5.fsf@gnu.org> <1bcddec1-befd-fffc-b5b4-ec7f1e3bd844@cs.ucla.edu> <83shhbyvlw.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="001a11412f46ebb8540555c04dc3" X-Trace: blaine.gmane.org 1501659327 29349 195.159.176.226 (2 Aug 2017 07:35:27 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 2 Aug 2017 07:35:27 +0000 (UTC) Cc: Paul Eggert , rms@gnu.org, Emacs developers To: Eli Zaretskii Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Aug 02 09:35:21 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dcoBd-0007H1-09 for ged-emacs-devel@m.gmane.org; Wed, 02 Aug 2017 09:35:21 +0200 Original-Received: from localhost ([::1]:45860 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcoBj-0007sm-0Q for ged-emacs-devel@m.gmane.org; Wed, 02 Aug 2017 03:35:27 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45511) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dcoBa-0007sg-Ql for emacs-devel@gnu.org; Wed, 02 Aug 2017 03:35:19 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dcoBZ-0001gT-RN for emacs-devel@gnu.org; Wed, 02 Aug 2017 03:35:18 -0400 Original-Received: from mail-qt0-x22f.google.com ([2607:f8b0:400d:c0d::22f]:35559) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dcoBV-0001cD-OV; Wed, 02 Aug 2017 03:35:13 -0400 Original-Received: by mail-qt0-x22f.google.com with SMTP id p3so22259821qtg.2; Wed, 02 Aug 2017 00:35:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Aw6qdaie5Q22stmCTEvKPnirJ+tNwE7UaBYP5CCGqUQ=; b=SPdOUzj4PSz469FTXTtb+8b1mqIcLIHUQCbOt2EGrghr9mNK3emj3ImW2RnOCO4tpU gQYbFmW0qRVDce/F9dnM4dls3O9Wp3xExvUriH6jLbK7siDmFdMvNr6uLLIRZ1JAEbMs Zec5mf0du1aDuvwR/R1BFeFLdKaOIh7+AfDLJa1OLBz0D78920NksuhTWt8r/xJajnsU 61IlfxxL2V1XwifWxUVb9BafryWvIq1QdjsQE3Fo4wHVSV8iK5liC7GLB/xeDcfyVAp5 +RIui7gZMHn6YEZDBsXgKWpmhru7X80Snhhkt5sQQGe6a+6LX6gpdxh5yuk3BzzfqIHn f/2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Aw6qdaie5Q22stmCTEvKPnirJ+tNwE7UaBYP5CCGqUQ=; b=iwjERudCfFqI4Kokw/u/PhOQ8GsWOi8W93WHE3/y4kLn8hCp+903LgEl0U2r1zeRYc /IcmZI3qNJfmpigImb2Rc520cgYnMUTFa5wo9owaNF/QhOeJdffyElFB3I4wUbjHx7di a9IxhM07fIF39Ulq+qHvge6zeDnMXFlBj0Rmiwf88gThH3/O45/dvWrnvVbTHLn6XJap hZcuU/C1RBQ7eGPvo2fo/tTDBohtUpOIwjn6mmELfXQMEMM13G1lswnwZNoCCgVGrda8 0cwZ/tSBGrmaVxywGHtDdg03wSSDAFhofrwT+SDIPGXznD1m2nMhmMYNX6n4hdgFIytj Ji6g== X-Gm-Message-State: AIVw1137nYilVUyh6vP/LhIotPZRC1yn/h44uKRYpgWjMmsdC1QBo7WY l7k1MQrj4ioO2PrN2ZrS52QZHf+LolPq X-Received: by 10.200.52.115 with SMTP id v48mr31655600qtb.225.1501659312924; Wed, 02 Aug 2017 00:35:12 -0700 (PDT) Original-Received: by 10.200.38.227 with HTTP; Wed, 2 Aug 2017 00:35:12 -0700 (PDT) In-Reply-To: <83shhbyvlw.fsf@gnu.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400d:c0d::22f X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:217234 Archived-At: --001a11412f46ebb8540555c04dc3 Content-Type: text/plain; charset="UTF-8" Do we have any figures on the percentage of users on different platforms and of those, how many of them actually need this insecure POP3 functionality? I would have thought very few users actually need the movemail feature, especially on non-POSIX systems. Also, why is an insecure pop3 process the only solution or is it really the only solution because nobody has put time into a better secure solution? On 2 August 2017 at 04:46, Eli Zaretskii wrote: > > Cc: emacs-devel@gnu.org > > From: Paul Eggert > > Date: Tue, 1 Aug 2017 09:18:57 -0700 > > > > >> Should we delete the movemail program, given these problems with it? > > > No, because non-Posix systems have no choice but use it. Gnu > > > Mailutils are blatantly Posix-centric and don't build on anything > > > else. > > > > Instead of deleting movemail, we could change 'configure' so that > > '--without-pop' is the default. This wouldn't affect platforms that use > GNU > > Mailutils, and would improve security on other platforms' default > installation. > > Once again, since the main mass of users of this program seems no > longer to dwell on Posix platforms, please do NOT take away the POP3 > option by default. > > -- regards, Tim -- Tim Cross --001a11412f46ebb8540555c04dc3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Do we have any figures on the percentage of users on diffe= rent platforms and of those, how many of them actually need this insecure P= OP3 functionality?=C2=A0 I would have thought very few users actually need = the movemail feature, especially on non-POSIX systems. Also, why is an inse= cure pop3 process the only solution or is it really the only solution becau= se nobody has put time into a better secure solution?

On 2 August 2017 at 04:46, Eli Za= retskii <eliz@gnu.org> wrote:
&= gt; Cc: emacs-devel@gnu.org
> From: Paul Eggert <eggert@cs.= ucla.edu>
> Date: Tue, 1 Aug 2017 09:18:57 -0700
>
> >> Should we delete the movemail program, given these problems w= ith it?
> > No, because non-Posix systems have no choice but use it.=C2=A0 Gn= u
> > Mailutils are blatantly Posix-centric and don't build on anyt= hing
> > else.
>
> Instead of deleting movemail, we could change 'configure' so t= hat
> '--without-pop' is the default. This wouldn't affect platf= orms that use GNU
> Mailutils, and would improve security on other platforms' default = installation.

Once again, since the main mass of users of this program seems = no
longer to dwell on Posix platforms, please do NOT take away the POP3
option by default.




--
regards,

Tim

--
T= im Cross

--001a11412f46ebb8540555c04dc3--