From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Chong Yidong <cyd@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: GnuTLS for W32
Date: Sat, 07 Jan 2012 18:24:39 +0800
Message-ID: <87d3av95eg.fsf@gnu.org>
References: <CAJU7zaKH0NTE7ko6u24gXy9WupsNw+CAvhMdVudzxpXvsY2vig@mail.gmail.com>
	<m3mxa3p5e7.fsf@stories.gnus.org> <87hb0b3yoe.fsf@lifelogs.com>
	<6ED011D5-E185-44C6-BB31-A445A4E5F83A@gmail.com>
	<87wr976otx.fsf@lifelogs.com> <E1Rig0X-0005lQ-Pv@fencepost.gnu.org>
	<87ipkq6yy5.fsf@lifelogs.com> <87boqi6tzz.fsf@linux-hvfx.site>
	<87ehve3ul8.fsf@lifelogs.com>
	<CAAeL0SQuSONPtE45A_vQ=5F4x+J3Shv8AvYOG3woYgqz7_7Q9g@mail.gmail.com>
	<87lipl22xm.fsf@lifelogs.com>
	<CAAeL0SQS8e1zwsj_UUzkbazBHt534e8WVCJ4Row__R4uRn8wXg@mail.gmail.com>
	<87boqh20ha.fsf@lifelogs.com>
	<CAAeL0SSO7JA3QRYYWg6uOUkWsk87BoyZd9JQd4RLjD9yprq=YQ@mail.gmail.com>
	<877h151x01.fsf@lifelogs.com>
	<CAAeL0SQ4CwjfqP6_6e96VMavKZUg74c6FruN=rk=PuZhJfjctQ@mail.gmail.com>
	<87y5tkzzwp.fsf@lifelogs.com>
	<CAAeL0ST76Y75d21LUmagRp3yJHaauLOJeNU9xhTPM_ou7WJfBA@mail.gmail.com>
	<87r4zczwbq.fsf@lifelogs.com>
	<CAAeL0SQyHEWk9NZeyj+9OcczcE3yrELLZ_K01MEqB_3XBx3SAw@mail.gmail.com>
	<87aa60yduw.fsf@lifelogs.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1325931898 13417 80.91.229.12 (7 Jan 2012 10:24:58 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sat, 7 Jan 2012 10:24:58 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jan 07 11:24:55 2012
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1RjTSI-0003as-Ux
	for ged-emacs-devel@m.gmane.org; Sat, 07 Jan 2012 11:24:55 +0100
Original-Received: from localhost ([::1]:57146 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1RjTSI-0000bG-G2
	for ged-emacs-devel@m.gmane.org; Sat, 07 Jan 2012 05:24:54 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:42390)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <cyd@gnu.org>)
	id 1RjTSG-0000bB-5n
	for emacs-devel@gnu.org; Sat, 07 Jan 2012 05:24:53 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cyd@gnu.org>) id 1RjTSE-0008Hq-Tx
	for emacs-devel@gnu.org; Sat, 07 Jan 2012 05:24:52 -0500
Original-Received: from fencepost.gnu.org ([140.186.70.10]:38538)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <cyd@gnu.org>)
	id 1RjTSE-0008Hl-RC
	for emacs-devel@gnu.org; Sat, 07 Jan 2012 05:24:50 -0500
Original-Received: from bb220-255-176-96.singnet.com.sg ([220.255.176.96]:48301
	helo=furball)
	by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <cyd@gnu.org>) id 1RjTSD-0003O0-7p
	for emacs-devel@gnu.org; Sat, 07 Jan 2012 05:24:50 -0500
In-Reply-To: <87aa60yduw.fsf@lifelogs.com> (Ted Zlatanov's message of "Fri, 06
	Jan 2012 11:50:31 -0500")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.10
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:147438
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/147438>

Ted Zlatanov <tzz@lifelogs.com> writes:

> On Fri, 6 Jan 2012 16:47:56 +0100 Juanma Barranquero <lekktu@gmail.com> wrote:
>
> JB> Anyway, I think the dead equine has been beaten to a pulp and turned
> JB> into fertilizer. We don't really advance anything rehashing the same
> JB> arguments again and again, IMHO. YMMV.
>
> I appreciate your opinions and hope we can find some middle ground that
> will satisfy everyone's expectations.

Here are my thoughts:

- First of all, any change involving distributing GnuTLS with Emacs
  should be post-24.1.

- Phoning home on startup by default is out of the question.  There are
  lots of users with the "open Emacs many times" usage pattern, even
  though that usage pattern is discouraged.  Accessing the network for
  each startup would be unreasonable, quite apart from the privacy
  concerns (GNU knows each time you launch Emacs!)

- I am open to improvements to package.el to implement _periodic_ update
  checking, and improvements to check for updates in M-x list-packages.
  It is probably not too difficult to add some infrastructure to
  highlight "strongly recommended updates" in the Package Menu.

- I agree with Lars' point that

> I don't really see that there's much of a difference between bugs in
> libgnutls and in the Emacs binary proper.  If a major security hole was
> discovered in Emacs, then presumably a new Emacs release would be made.
> If a major libgnutls hole was discovered, then presumably someone would
> zip up a new Windows release.

  If a really serious security flaw is found in GnuPG, and we are
  distributing GnuPG with Emacs, we should make an Emacs security
  release, exactly as though it was a security flaw in Emacs itself.