From: Óscar Fuentes
Newsgroups: gmane.emacs.devel
Subject: Re: GnuTLS for W32
Date: Mon, 02 Jan 2012 04:18:05 +0100
Message-ID: <87boqmlrma.fsf@wanadoo.es>
To: emacs-devel@gnu.org

Juanma Barranquero writes:

>> Do we implement security only when many users are at risk?
>
> Irrelevant. We've implemented security, we're talking about defaults.

What's the difference?

> And that's what cost-benefit analysis is for. The answer could well be
> yes, if the alternative to "many" is "almost no-one".

You can count me on. See below.

>> Including the GnuTLS binary with the official binary packages shouldn't
>> be too costly, if we consider how rare Emacs releases are.
>
> The moment a serious bug is detected in GnuTLS, you have to issue
> updated packages and get the word out. It's not as easy as you put it.

Granted, that's a considerable side-effect. I've looked at the release
history for GnuTLS and there are lots of them. I don't know how many
contain fixes for serious bugs, though.

[snip]

>> Shrug. Security-wise, this way of thinking is responsible for lots of
>> disasters.
>
> For some definition of "lots", sure.

Directly or indirectly, almost all of them, I would say.

>> I wouldn't detect if someone were eavesdropping my network
>> communications, nor would you.
>
> Considering that I'm in a very small, non-WiFi network behind a rather
> paranoid firewall, trust me: if someone is eavesdropping my network,
> Emacs is the lesser of my troubles.

AFAIK Emacs can use GnuTLS for talking to the outside world too. SMTP,
for instance. There are ISPs (like the one I use) that offer both
encrypted and plain login on their mail servers. That's pretty serious
stuff.