From: Richard Riley
Newsgroups: gmane.emacs.devel
Subject: Re: auth-source change default spec
Date: Mon, 30 Apr 2012 14:51:24 +0200
To: emacs-devel@gnu.org

Ted Zlatanov writes:

> On Sat, 28 Apr 2012 10:45:37 +1000 Tim Cross wrote:
>
> TC> I've recently run into a minor problem with the auth-source library
> TC> which I think is due to the default SPEC for auth-sources. I wanted
> TC> some feedback before logging a bug request and also wanted to make this
> TC> possible issue visible asap given the need to get defaults sorted for
> TC> the next release.
>
> TC> The current default sources spec (taken from recent emacs bzr sources) is
>
> TC> ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
>
> TC> I think it should be changed to have .authinfo.gpg first in the
> TC> list.
>
> Could you please read through Emacs bug #9113? It deals with this issue
> at length.
>
> http://comments.gmane.org/gmane.emacs.bugs/49377
>
> I had the .gpg file first originally and would still like it to be
> first, but the objections are quite reasonable.
>
> TC> The reason is that if you already have a .authinfo.gpg file and then
> TC> attempt to access a resource for which you don't yet have credentials
> TC> and the search criteria specifies the :create option, because
> TC> .authinfo is first, it will attempt to save the credentials in the
> TC> .authinfo file and not .authinfo.gpg. If you have things configured to
> TC> ask if you want to save (the default) it will ask if you want to save
> TC> to .authinfo even when it is aware you have a .authinfo.gpg file. It
> TC> does not appear to give you an option to change this. If you just
> TC> accept the defaults and you do use .authinfo.gpg, things will break
> TC> when you add new credentials because it will create a .authinfo
> TC> file.
>
> I don't think anything is broken. auth-source is simply respecting
> `auth-sources' as it's supposed to. Preferring the second source
> because of some attribute (e.g. "it has the .gpg extension") is much
> worse in terms of usability.

I would strongly disagree. I would expect it should default to the most
secure. And allow fall through on the search. Should you really want,
for some really obscure reason, to prefer a plain text file for secure
passwords over the .gpg then some sort of override could be
implemented.

I know I'd be pretty miffed if I saved passwords thinking they were
going into .gpg only to have them read out to me at a later date by
someone who got hold of the plaintext file.
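
The ordering discussed in this thread, as an added example for an init file (not code from the thread or from auth-source itself): it lists the encrypted file first and warns at startup if a plaintext source already holds password entries. The `my/` function names are hypothetical, and the file names are the three from the default spec quoted above.

```elisp
;; Added example; the `my/' names are hypothetical helpers.
(require 'auth-source)
(require 'cl-lib)

;; Encrypted file first, so it is the first source considered when a
;; search with :create has to store a new credential (the behaviour
;; described in the thread for whichever entry comes first).
(setq auth-sources '("~/.authinfo.gpg" "~/.authinfo" "~/.netrc"))

(defun my/auth-source-plaintext-files (&optional sources)
  "Return plaintext files in SOURCES that contain a password token.
SOURCES defaults to `auth-sources'.  Only string (file name) entries
are checked; symbol and plist entries are skipped."
  (cl-loop for src in (or sources auth-sources)
           when (and (stringp src)
                     (not (string-suffix-p ".gpg" src))
                     (file-readable-p (expand-file-name src))
                     (with-temp-buffer
                       (insert-file-contents (expand-file-name src))
                       ;; netrc/authinfo syntax: "password <secret>"
                       (re-search-forward
                        "\\_<password[ \t]+[^ \t\n]" nil t)))
           collect (expand-file-name src)))

(defun my/auth-source-audit ()
  "Warn when a plaintext entry of `auth-sources' holds passwords.
Return the list of offending files, or nil when there are none."
  (let ((files (my/auth-source-plaintext-files)))
    (when files
      (display-warning
       'auth-source
       (format "Plaintext credentials found in: %s"
               (mapconcat #'identity files ", "))
       :warning))
    files))

;; Run the check once per session, after the init file has loaded.
(add-hook 'after-init-hook #'my/auth-source-audit)
```

The audit reads the plaintext files only to test for a `password` token and never displays or stores the secrets themselves.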