From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: [Patch] Avoid recording chars when reading passwords
Date: Wed, 15 Jun 2022 08:27:51 -0400
Message-ID: <jwvy1xyyuyu.fsf-monnier+emacs@gnu.org>
References: <87edzz8dzo.fsf@elite.giraud> <834k0v5f7z.fsf@gnu.org>
 <8735g7vb47.fsf@elite.giraud> <83bkuvtr3q.fsf@gnu.org>
 <jwvh74n5suc.fsf-monnier+emacs@gnu.org> <83tu8nrvdb.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="15727"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)
Cc: manuel@ledu-giraud.fr,  emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Jun 15 14:35:46 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1o1SFM-0003oC-JB
	for ged-emacs-devel@m.gmane-mx.org; Wed, 15 Jun 2022 14:35:44 +0200
Original-Received: from localhost ([::1]:37034 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1o1SFL-0001na-Hd
	for ged-emacs-devel@m.gmane-mx.org; Wed, 15 Jun 2022 08:35:43 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:57340)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <monnier@iro.umontreal.ca>)
 id 1o1S7s-0004oz-4H
 for emacs-devel@gnu.org; Wed, 15 Jun 2022 08:28:00 -0400
Original-Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:1277)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <monnier@iro.umontreal.ca>)
 id 1o1S7o-0003h7-0S; Wed, 15 Jun 2022 08:27:59 -0400
Original-Received: from pmg1.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id 2EC7B10048C;
 Wed, 15 Jun 2022 08:27:54 -0400 (EDT)
Original-Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id A2AD6100280;
 Wed, 15 Jun 2022 08:27:52 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1655296072;
 bh=tRYy2BwGX2RS+ViNCRpAqle321PF0q+Hi+J8sTNcKSY=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=f7UgAm4zhkHRX2NWXlok5BNskVxFR4Tv751Gpe9ApwdZVwCl9tXfCd/S5+1wdXW6r
 j/cralBN3Q11tOHlYK6prXffshRym2B7cwscvnO85+zIm9IidVhTgiXW8ri7hkpqYz
 4Z2MbQE7Gi8d8Y2NnPZw/jCTJJVuyEJKwqTwT/B9zB4ogJ+e4tLw57zpn/+prdcTBg
 MTFDfS8ySFFLuz+xBFvi1tpyl7vbao3selqalEpwtOtV+b8a+hSBAJvqHm33m+HgQU
 S+Rhw6Oy3BzWD7yDwZULUImZ1oQrLvBmdqWPFUIm8RGSK1eyZ1mW2lZcdrzhc6rsSe
 sAjFbbOBm07Pg==
Original-Received: from pastel (unknown [45.72.221.51])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id 57CEC120180;
 Wed, 15 Jun 2022 08:27:52 -0400 (EDT)
In-Reply-To: <83tu8nrvdb.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 14 Jun
 2022 20:46:24 +0300")
Received-SPF: pass client-ip=132.204.25.50;
 envelope-from=monnier@iro.umontreal.ca; helo=mailscanner.iro.umontreal.ca
X-Spam_score_int: -42
X-Spam_score: -4.3
X-Spam_bar: ----
X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:291208
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/291208>

> The next question is: do we want to enable this by default

I'm strongly in favor of it being enabled by default, yes.
I think most people expect that their passwords aren't trivially
available in clear from the lossage.

> and in a way that users cannot have the previous behavior back?

I'd think being able to redefine `read-password` is sufficient, because
it should really be extremely uncommon to need your password to appear
in lossage and/or a dribble file.


        Stefan