From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: "Daiki Ueno" <ueno@unixuser.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Moving files from lisp/gnus/ to lisp/net/?
Date: Thu, 8 Nov 2007 09:46:38 +0900
Message-ID: <54a15d860711071646u2c200961y69e7d684c7418a7a@mail.gmail.com>
References: <ilu655bwzng.fsf@latte.josefsson.org>
	<E1CJY1k-0001Ad-FX@fencepost.gnu.org>
	<iluu0sk9udg.fsf@latte.josefsson.org>
	<E1CM4ey-00051Y-WB@fencepost.gnu.org>
	<ilulldunavv.fsf@latte.josefsson.org>
	<E1Iny2e-0003Ix-Pb@fencepost.gnu.org>
	<87y7dd2e0f.fsf@mocca.josefsson.org>
	<E1IpJxB-0003Hp-4I@fencepost.gnu.org>
	<54a15d860711060601s2d85f32o5942939270a7e59e@mail.gmail.com>
	<E1IpflD-0004QC-8L@fencepost.gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1194482817 3925 80.91.229.12 (8 Nov 2007 00:46:57 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Thu, 8 Nov 2007 00:46:57 +0000 (UTC)
Cc: simon@josefsson.org, emacs-devel@gnu.org
To: rms@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Nov 08 01:47:00 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1IpvXu-0003gl-Sz
	for ged-emacs-devel@m.gmane.org; Thu, 08 Nov 2007 01:46:59 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1IpvXj-0006Rz-Gf
	for ged-emacs-devel@m.gmane.org; Wed, 07 Nov 2007 19:46:47 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IpvXe-0006RU-W6
	for emacs-devel@gnu.org; Wed, 07 Nov 2007 19:46:43 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IpvXc-0006R9-Lk
	for emacs-devel@gnu.org; Wed, 07 Nov 2007 19:46:41 -0500
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IpvXc-0006R6-GG
	for emacs-devel@gnu.org; Wed, 07 Nov 2007 19:46:40 -0500
Original-Received: from el-out-1112.google.com ([209.85.162.176])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <daiki.ueno@gmail.com>) id 1IpvXc-0002ep-64
	for emacs-devel@gnu.org; Wed, 07 Nov 2007 19:46:40 -0500
Original-Received: by el-out-1112.google.com with SMTP id s27so681148ele
	for <emacs-devel@gnu.org>; Wed, 07 Nov 2007 16:46:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta;
	h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	bh=Gd6Q/cgMpbBAHQ4WYT3b07Ev89qQ9rTSSmgbPk+LtSE=;
	b=ga0993cpsJTTvl48/W6jzY9DWNkE6DKvCU6OY25qpTZ45X7252zEgejhmCdDV5pXaRHdzHEOgdw9CcP501CpQd3CKQC/I3IIUHV7nqp166FzcwUso4mSX8QuqlH97yuScP9UdQh99H27T5gToDBZT4dazqsDkqeRUJA8q2F/DD4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
	h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	b=csdU0Ey72BJC4t8tYvqCuJAHoPzBUe59eznM23mqFckAqPp8J2fiUWwr3yoD5bc+LIcosUlzL5HwolUAmdIol4MQqPaBIvmeVSl0eJXSs5a0wcZd1g3O1PIJJMi3zJ6nypfRG9ybYPpEH+VK2QdJ9b9df8zYp+8qC1/nR55F1c0=
Original-Received: by 10.142.104.9 with SMTP id b9mr1619078wfc.1194482798235;
	Wed, 07 Nov 2007 16:46:38 -0800 (PST)
Original-Received: by 10.142.241.4 with HTTP; Wed, 7 Nov 2007 16:46:38 -0800 (PST)
In-Reply-To: <E1IpflD-0004QC-8L@fencepost.gnu.org>
Content-Disposition: inline
X-Google-Sender-Auth: fdf823f19a51e243
X-detected-kernel: by monty-python.gnu.org: Linux 2.4-2.6 (Google crawlbot)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:82774
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/82774>

2007/11/7, Richard Stallman <rms@gnu.org>:
>     Even though read-passwd is not perfectly secure, it is far better than
>     password caching in elisp.  If read-passwd does password caching by
>     itself and the docstring says so, thoughtless programmers will tend to
>     use that feature in every case.  That will cause spreading insecure
>     code.
>
> I do not understand the argument you are making.  I was talking about
> two alternatives for writing the Lisp code: one function and two
> functions.  I don't know how to relate what you said to that choice.

I wanted to mean that "two functions" approach is better than "one
function" approach.  The rationales are:

(1) the current read-passwd is reasonably secure (since it clears
passphrase strings read as much as possible).

(2) passphrase caching in elisp inherently has a risk to leak
passphrases to disks.

(3) if read-passwd caches passphrases when the optional argument is
given, some people will misuse that new feature (perhaps by cut&paste
existing code)
even though the docstring of read-passwd explicitly states that behavior.

Regards,
-- 
Daiki Ueno