From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Thu, 05 Jul 2018 11:36:55 -0400
Message-ID: <jwv1schhf2k.fsf-monnier+gmane.emacs.devel@gnu.org>
References: <m236xe5vo2.fsf@mobilecat.lan>
	<eba313cf-104d-50dd-f1cd-4acb15864c0f@cs.ucla.edu>
	<m3a7rm2yrh.fsf@gnus.org> <m3602a2y7o.fsf@gnus.org>
	<c2d2b039-e012-f85f-bfbe-62f813bfc886@gmail.com>
	<m37empby3g.fsf@gnus.org>
	<20180705093346.071e6970@jabberwock.cb.piermont.com>
	<a53f2b9e-0cad-3df9-6059-6817ceeb231b@gmail.com>
	<20180705113045.2fbac828@jabberwock.cb.piermont.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1530804967 15811 195.159.176.226 (5 Jul 2018 15:36:07 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Thu, 5 Jul 2018 15:36:07 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Jul 05 17:36:02 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fb6Ia-0003ye-Nf
	for ged-emacs-devel@m.gmane.org; Thu, 05 Jul 2018 17:36:00 +0200
Original-Received: from localhost ([::1]:53334 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fb6Kh-0005lf-Ul
	for ged-emacs-devel@m.gmane.org; Thu, 05 Jul 2018 11:38:11 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48944)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1fb6Jm-0005kQ-3O
	for emacs-devel@gnu.org; Thu, 05 Jul 2018 11:37:16 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1fb6Jj-0000S3-0G
	for emacs-devel@gnu.org; Thu, 05 Jul 2018 11:37:14 -0400
Original-Received: from [195.159.176.226] (port=56941 helo=blaine.gmane.org)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <ged-emacs-devel@m.gmane.org>)
	id 1fb6Ji-0000Px-P0
	for emacs-devel@gnu.org; Thu, 05 Jul 2018 11:37:10 -0400
Original-Received: from list by blaine.gmane.org with local (Exim 4.84_2)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1fb6HU-0002Xw-10
	for emacs-devel@gnu.org; Thu, 05 Jul 2018 17:34:52 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 15
Original-X-Complaints-To: usenet@blaine.gmane.org
Cancel-Lock: sha1:HMyGczlgAJkM1UnySVBvSKKgIaU=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 195.159.176.226
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:226957
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/226957>

> In spite of the name "gnu" in "gnutls", gnutls is not FSF or Gnu
> software. I think Emacs should be using OpenSSL, as it is a much
> better maintained library.

I don't have a strong preference either way, but I've heard the above
argument combined with arguments of security, but AFAIK gnutls is still
maintained and its security track record is no worse than that
of OpenSSL.

IOW someone really concerned about security would likely choose
something else than OpenSSL or gnutls.  E.g. something not written in
a language that makes it hard to write safe code, for instance.


        Stefan