* bug#8069: 23.2.94; auth-source should support ~/.netrc by default
[not found] <mailman.12.1297982231.1785.bug-gnu-emacs@gnu.org>
@ 2011-02-18 0:37 ` Lars Magne Ingebrigtsen
2011-06-30 0:12 ` Lars Magne Ingebrigtsen
2011-02-18 21:50 ` Ted Zlatanov
1 sibling, 1 reply; 5+ messages in thread
From: Lars Magne Ingebrigtsen @ 2011-02-18 0:37 UTC (permalink / raw)
To: Reuben Thomas; +Cc: 8069
Reuben Thomas <rrt@sc3d.org> writes:
> auth-source is trying to encourage users to use ~/.authinfo rather than
> ~/.netrc. This is fine. But many programs and libraries still use
> ~/.netrc (personally, until reading the auth-source manual I had not
> heard of ~/.authinfo).
I don't quite remember why we started using ~/.authinfo instead of
~/.netrc? I think that change was done a long, long time ago. (At
least for nntp.el.) Anybody remember? Was there a technical reason?
This was done in:
66292b12 lisp/nntp.el (Lars Magne Ingebrigtsen 1998-03-07 16:19:30 +0000 243) (defcustom nntp-authinfo-file "~/.authinfo"
and the ChangeLog entry helpfully says
+ * nntp.el (nntp-authinforc-file): Changed default.
Yay me.
But, yes, I think ~/.netrc should be added to the list of auth sources
to consult.
> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
> with an unencrypted file or old-name file are not annoyed.
Agreed.
> By all means create a symlink from ~/.authinfo to ~/.netrc if the
> former doesn’t already exist, and don’t actually search ~/.netrc. (But
> maybe that would create potential security problems of its own.)
Nah. Symlinks shouldn't be necessary.
> Stick: Display a minibuffer warning message when an unencrypted file is
> found. Thus, the user is not actually interrupted (which breeds
> annoyance), but does receive a gentle reminder that encrypted is better.
No, I don't think any reminders are necessary. It's perfectly
reasonable to keep your passwords (for services you don't consider to be
super-secret for you) unencrypted.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bug#8069: 23.2.94; auth-source should support ~/.netrc by default
[not found] <mailman.12.1297982231.1785.bug-gnu-emacs@gnu.org>
2011-02-18 0:37 ` bug#8069: 23.2.94; auth-source should support ~/.netrc by default Lars Magne Ingebrigtsen
@ 2011-02-18 21:50 ` Ted Zlatanov
2011-02-22 18:27 ` Ted Zlatanov
1 sibling, 1 reply; 5+ messages in thread
From: Ted Zlatanov @ 2011-02-18 21:50 UTC (permalink / raw)
To: bug-gnu-emacs
On Thu, 17 Feb 2011 22:14:53 +0000 Reuben Thomas <rrt@sc3d.org> wrote:
RT> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
RT> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
RT> with an unencrypted file or old-name file are not annoyed. By all means
RT> create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
RT> already exist, and don’t actually search ~/.netrc. (But maybe that would
RT> create potential security problems of its own.)
I want the .gpg file first because I really want to push people towards
encrypting sensitive data. Otherwise that's fine and a trivial change
and I'll make it soon.
RT> Stick: Display a minibuffer warning message when an unencrypted file is
RT> found. Thus, the user is not actually interrupted (which breeds
RT> annoyance), but does receive a gentle reminder that encrypted is better.
RT> (You could display a more urgent message, or interrupt the user, if a
RT> world-readable authorisation file is found.)
I don't think auth-source.el should undertake that kind of monitoring.
It's annoying and, when incorrect, *very* annoying.
RT> Note that this suggestion does not affect users who have already
RT> migrated to ~/.authinfo{,.gpg}.
It will do an extra fopen() every time something can't be found, even
when .netrc doesn't exist, so it definitely affects people. I will add
.netrc because it's sensible but I don't like so many file searches.
Ted
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: bug#8069: 23.2.94; auth-source should support ~/.netrc by default
2011-02-18 21:50 ` Ted Zlatanov
@ 2011-02-22 18:27 ` Ted Zlatanov
0 siblings, 0 replies; 5+ messages in thread
From: Ted Zlatanov @ 2011-02-22 18:27 UTC (permalink / raw)
To: bug-gnu-emacs; +Cc: Ding Mailing List
On Fri, 18 Feb 2011 15:50:07 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote:
TZ> On Thu, 17 Feb 2011 22:14:53 +0000 Reuben Thomas <rrt@sc3d.org> wrote:
RT> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
RT> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
RT> with an unencrypted file or old-name file are not annoyed. By all means
RT> create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
RT> already exist, and don’t actually search ~/.netrc. (But maybe that would
RT> create potential security problems of its own.)
TZ> I want the .gpg file first because I really want to push people towards
TZ> encrypting sensitive data. Otherwise that's fine and a trivial change
TZ> and I'll make it soon.
I added ~/.netrc as the third file by default now. Can I close this
bug, Reuben?
Thanks
Ted
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#8069: 23.2.94; auth-source should support ~/.netrc by default
@ 2011-02-17 22:14 Reuben Thomas
0 siblings, 0 replies; 5+ messages in thread
From: Reuben Thomas @ 2011-02-17 22:14 UTC (permalink / raw)
To: 8069
auth-source is trying to encourage users to use ~/.authinfo rather than
~/.netrc. This is fine. But many programs and libraries still use
~/.netrc (personally, until reading the auth-source manual I had not
heard of ~/.authinfo).
auth-source also wants to encourage users to encrypt their ~/.authinfo
file (indeed, by default it searches ~/.authinfo.gpg, not ~/.authinfo).
The manual actually says “the auth-source library encourages this
confusion”. It is not a good idea to encourage confusion (even if this
remark is made tongue-in-cheek, auth-source’s current behaviour does
indeed encourage confusion).
Hence, I suggest that with a bit of psychological carrot and stick,
auth-source could get closer to its goal:
Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
(unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
with an unencrypted file or old-name file are not annoyed. By all means
create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
already exist, and don’t actually search ~/.netrc. (But maybe that would
create potential security problems of its own.)
Stick: Display a minibuffer warning message when an unencrypted file is
found. Thus, the user is not actually interrupted (which breeds
annoyance), but does receive a gentle reminder that encrypted is better.
(You could display a more urgent message, or interrupt the user, if a
world-readable authorisation file is found.)
Note that this suggestion does not affect users who have already
migrated to ~/.authinfo{,.gpg}.
In GNU Emacs 23.2.94.1 (i686-pc-linux-gnu, GTK+ Version 2.22.0)
of 2011-02-15 on canta
Windowing system distributor `The X.Org Foundation', version 11.0.10900000
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: en_GB.UTF-8
value of $XMODIFIERS: nil
locale-coding-system: utf-8-unix
default enable-multibyte-characters: t
Major mode: Info
Minor modes in effect:
diff-auto-refine-mode: t
recentf-mode: t
show-paren-mode: t
savehist-mode: t
minibuffer-electric-default-mode: t
iswitchb-mode: t
icomplete-mode: t
global-whitespace-mode: t
global-auto-revert-mode: t
desktop-save-mode: t
etags-update-mode: t
mouse-wheel-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-encryption-mode: t
auto-compression-mode: t
column-number-mode: t
line-number-mode: t
transient-mark-mode: t
Recent input:
y y y C-a <help-echo> <down-mouse-1> <mouse-1> C-x
C-f <M-backspace> <M-backspace> L u a / b i t l <tab>
M a k <tab> . a <tab> <backspace> <backspace> <return>
C-x b <return> C-h i C-s a u t o c o n f M-< <down>
<down> <down> <down> <down> <down> <down> <down> <down>
<down> <down> <down> <down> <down> <down> <return>
<down> <down> <down> <down> <down> <down> <down> <down>
<down> <down> <down> <down> <down> <down> <down> <down>
<down> <down> <down> <down> <down> <down> <down> <down>
<down> <down> <down> <down> <down> <down> <down> <down>
<down> <down> <down> <up> <up> <up> <up> <down> <return>
n C-s g p g C-a C-n C-n C-n C-n C-n C-n C-n C-n C-n
C-n C-n C-n C-n C-s E P A C-s C-s C-s C-s C-s C-s C-s
C-s C-s C-s C-a C-s n e t r c C-s C-s C-s C-s C-s C-s
C-s C-s C-s C-s C-s C-s C-s C-s C-a C-s u s e r s '
C-s C-a C-s C-s C-s C-s C-s C-s C-a M-x r e p o r t
- b e <backspace> <backspace> e m a c s - b u g <return>
R <backspace> T y p o SPC i n SPC a u <backspace> <backspace>
" H e l p SPC f o r SPC d e v e l o p e r s " S-SPC
n o d e SPC o f SPC a u t h - s o u r c e SPC m a n
u a l <return> u s e r s C-q ' SPC - > S-SPC u s e
r C-q ' s C-c C-c y e s <return> M-x r e p o r t -
e m a c s - b u g <return>
Recent messages:
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/bbdb
Checking 1 files in /usr/share/emacs/site-lisp/autoconf...
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/auctex
Checking 21 files in /usr/share/emacs/site-lisp/auctex...
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/inform-mode
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/ocaml-mode
Checking for load-path shadows...done
Sending...
Sending via mail...
Sending...done
Load-path shadows:
/home/rrt/.emacs.d/elpa/ruby-mode-1.1/ruby-mode hides /usr/share/emacs-snapshot/site-lisp/ruby1.8-elisp/ruby-mode
/home/rrt/.emacs.d/elpa/css-mode-1.0/css-mode hides /usr/local/share/emacs/23.2.94/site-lisp/css-mode/css-mode
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/link hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/link
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/connection hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/connection
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/dictionary-init hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/dictionary-init
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/dictionary hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/dictionary
/home/rrt/local/share/emacs/site-lisp/dict hides /usr/local/share/emacs/23.2.94/site-lisp/emacs-goodies-el/dict
/home/rrt/.emacs.d/elpa/css-mode-1.0/css-mode hides /usr/local/share/emacs/23.2.94/lisp/textmodes/css-mode
/home/rrt/.emacs.d/elpa/ruby-mode-1.1/ruby-mode hides /usr/local/share/emacs/23.2.94/lisp/progmodes/ruby-mode
/home/rrt/.emacs.d/elpa/css-mode-1.0/css-mode hides /usr/share/emacs/site-lisp/css-mode/css-mode
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-info hides /usr/share/emacs/site-lisp/auctex/tex-info
/usr/local/share/emacs/23.2.94/site-lisp/auctex/context-nl hides /usr/share/emacs/site-lisp/auctex/context-nl
/usr/local/share/emacs/23.2.94/site-lisp/auctex/context-en hides /usr/share/emacs/site-lisp/auctex/context-en
/usr/local/share/emacs/23.2.94/site-lisp/auctex/latex hides /usr/share/emacs/site-lisp/auctex/latex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-mik hides /usr/share/emacs/site-lisp/auctex/tex-mik
/usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/lpath hides /usr/share/emacs/site-lisp/auctex/lpath
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-buf hides /usr/share/emacs/site-lisp/auctex/tex-buf
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-jp hides /usr/share/emacs/site-lisp/auctex/tex-jp
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-bar hides /usr/share/emacs/site-lisp/auctex/tex-bar
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex hides /usr/share/emacs/site-lisp/auctex/tex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/multi-prompt hides /usr/share/emacs/site-lisp/auctex/multi-prompt
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-fptex hides /usr/share/emacs/site-lisp/auctex/tex-fptex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-font hides /usr/share/emacs/site-lisp/auctex/tex-font
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-fold hides /usr/share/emacs/site-lisp/auctex/tex-fold
/usr/local/share/emacs/23.2.94/site-lisp/auctex/texmathp hides /usr/share/emacs/site-lisp/auctex/texmathp
/usr/local/share/emacs/23.2.94/site-lisp/auctex/context hides /usr/share/emacs/site-lisp/auctex/context
/usr/local/share/emacs/23.2.94/site-lisp/auctex/font-latex hides /usr/share/emacs/site-lisp/auctex/font-latex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/bib-cite hides /usr/share/emacs/site-lisp/auctex/bib-cite
/usr/local/share/emacs/23.2.94/site-lisp/auctex/toolbar-x hides /usr/share/emacs/site-lisp/auctex/toolbar-x
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-style hides /usr/share/emacs/site-lisp/auctex/tex-style
Features:
(gnus-msg gnus-art mm-uu mml2015 epg-config mm-view smime dig gnus-sum
nnoo gnus-group gnus-undo nnmail mail-source format-spec gnus-start
gnus-spec gnus-int gnus-range gnus-win gnus gnus-ems shadow sort message
sendmail ecomplete rfc822 mml mml-sec password-cache mm-decode mm-bodies
mm-encode mailcap mail-parse rfc2231 rfc2047 rfc2045 qp ietf-drums
mailabbrev nnheader gnus-util netrc time-date mm-util mail-prsvr
gmm-utils mailheader canlock sha1 hex-util hashcash mail-utils emacsbug
info find-func pp novice autoconf autoconf-mode tar-mode jka-compr
bibtex log-edit pcvs-util add-log diff-git diff-mode vc vc-dispatcher
cperl-mode vc-git mail-extr make-mode tabify inform-mode cus-edit
texmathp preview prv-emacs byte-opt warnings tex-buf noutline outline
font-latex bytecomp byte-compile latex tex-style tex latexenc newcomment
grep compile longlines face-remap flyspell multi-isearch dired-aux dired
help-mode view filladapt completing-help recentf tree-widget wid-edit
uniquify paren savehist minibuf-eldef iswitchb icomplete whitespace
autorevert time cus-start cus-load desktop server php-mode etags
cc-langs cc-mode cc-fonts cc-menus cc-cmds cc-styles cc-align cc-engine
cc-vars cc-defs speedbar sb-image ezimage dframe lua-mode regexp-opt
comint ring ropemacs pymacs smart-quotes ffap ispell etags-update
auto-dictionary-autoloads css-mode-autoloads dictionary-autoloads
diff-git-autoloads dired-isearch-autoloads full-ack-autoloads
guess-style-autoloads js2-mode-autoloads kill-ring-search-autoloads
lambdacalc-autoloads magit-autoloads mv-shell-autoloads
ruby-mode-autoloads tumble-autoloads http-post-simple-autoloads package
reporter advice advice-preload yasnippet help-fns derived edmacro kmacro
easymenu assoc cl cl-19 muse-autoloads emacs-goodies-el
emacs-goodies-custom emacs-goodies-loaddefs easy-mmode bbdb-autoloads
preview-latex tex-site auto-loads tooltip ediff-hook vc-hooks
lisp-float-type mwheel x-win x-dnd font-setting tool-bar dnd fontset
image fringe lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mldrag mouse jit-lock font-lock syntax facemenu font-core
frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai
tai-viet lao korean japanese hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help
simple abbrev loaddefs button minibuffer faces cus-face files
text-properties overlay md5 base64 format env code-pages mule custom
widget hashtable-print-readable backquote make-network-process dbusbind
system-font-setting font-render-setting gtk x-toolkit x multi-tty emacs)
--
http://rrt.sc3d.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-06-30 0:12 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <mailman.12.1297982231.1785.bug-gnu-emacs@gnu.org>
2011-02-18 0:37 ` bug#8069: 23.2.94; auth-source should support ~/.netrc by default Lars Magne Ingebrigtsen
2011-06-30 0:12 ` Lars Magne Ingebrigtsen
2011-02-18 21:50 ` Ted Zlatanov
2011-02-22 18:27 ` Ted Zlatanov
2011-02-17 22:14 Reuben Thomas
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.