From: Eli Zaretskii <eliz@gnu.org>
To: Robert Pluim <rpluim@gmail.com>
Cc: emacs-devel@gnu.org
Subject: Re: open-{gnutls,network}-stream backwards compatibility
Date: Fri, 04 Jan 2019 16:06:26 +0200 [thread overview]
Message-ID: <838t0034bh.fsf@gnu.org> (raw)
In-Reply-To: <m27efmx50m.fsf@gmail.com> (message from Robert Pluim on Wed, 02 Jan 2019 19:56:25 +0100)
> From: Robert Pluim <rpluim@gmail.com>
> Cc: emacs-devel@gnu.org
> Date: Wed, 02 Jan 2019 19:56:25 +0100
>
> > change open-network-stream such that not specifying
> > :client-certificate is the same as specifying t
> >
> > Doesn't this mean an incompatible change in behavior?
>
> For what I think is a tiny (perhaps non-existent) minority of Emacs
> users.
We have no reliable way of estimating the number of affected users.
Besides, even if there's only a single user affected, it requires us
to consider this an incompatible change, which should be avoided if
possible.
> Currently, specifying ':client-certificate t' to open-network-stream
> causes client certificates to be looked up via auth-source up when
> using external gnutls-cli.
>
> My fix intends to extend that behaviour to do the same when using
> built-in GnuTLS. So far I think thatʼs uncontroversial.
Yes.
> My follow-on to that fix would be to assume that not specifying
> :client-certificate at all when calling open-network-stream is the
> same as specifying ':client certificate t'. Only people with existing
> client certificate entries in their auth-source provider (such as
> .authinfo) would see a change in behaviour.
It's still a change. At the very least, we should provide a way to
have the old behavior back.
> If that last change is unacceptable, Iʼd want to change all the
> callers of open-network-stream inside Emacs to specify
> ':client-certificate t'. People using built-in Emacs packages would
> then be able to use client certificates by changing configuration data
> only. People using packages developed outside Emacs would need to
> update those external packages to versions which specify
> ':client-certificate t', which is what Iʼd like to avoid.
>
> Short version: we assume a username/password entry in auth-source for
> a specific server means 'use this username/password', so we should do
> the same for a client-certificate specification.
I don't necessarily disagree, provided that we give users who
want/need that a way to get back the old behavior. Maybe I'm
misunderstanding, but it sounds like both of your alternatives are
backward-incompatible, so they both need such a "fire escape".
Thanks.
next prev parent reply other threads:[~2019-01-04 14:06 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-02 16:49 open-{gnutls,network}-stream backwards compatibility Robert Pluim
2019-01-02 17:04 ` Eli Zaretskii
2019-01-02 17:47 ` Robert Pluim
2019-01-02 18:07 ` Eli Zaretskii
2019-01-02 18:56 ` Robert Pluim
2019-01-04 14:06 ` Eli Zaretskii [this message]
2019-01-04 22:29 ` Robert Pluim
2019-01-05 6:58 ` Eli Zaretskii
2019-01-05 7:36 ` Robert Pluim
2019-01-05 8:40 ` Eli Zaretskii
2019-01-09 21:50 ` Robert Pluim
2019-01-10 15:53 ` Ted Zlatanov
2019-01-10 16:05 ` Eli Zaretskii
2019-01-12 11:16 ` Eli Zaretskii
2019-01-02 18:12 ` Ted Zlatanov
2019-01-02 18:30 ` Eli Zaretskii
2019-01-02 19:18 ` Ted Zlatanov
2019-01-02 19:49 ` Eli Zaretskii
2019-01-02 20:01 ` Robert Pluim
2019-01-02 20:25 ` Ted Zlatanov
2019-01-04 11:15 ` Robert Pluim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=838t0034bh.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=rpluim@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.