From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: GnuTLS for W32
Date: Thu, 05 Jan 2012 12:52:35 -0500
Message-ID: <87ehve3ul8.fsf@lifelogs.com>
To: emacs-devel@gnu.org

On Thu, 05 Jan 2012 16:37:04 +0100 Lars Ingebrigtsen wrote:

LI> Ted Zlatanov writes:
>> You're right.  Do you agree with the general idea of checking for
>> critical updates on startup, though?

LI> You didn't ask me, but I certainly do not.

I certainly value your opinion.  Could you explain why you disagree with
checking critical packages (just GnuTLS currently)?  How would you
propose letting the user know they are out of date, instead of this?

On Thu, 5 Jan 2012 15:50:40 +0100 Juanma Barranquero wrote:

JB> 2012/1/5 Ted Zlatanov:
>> You're right.  Do you agree with the general idea of checking for
>> critical updates on startup, though?

JB> FWIW, I don't. That is a step (tiny, I know) in the "software as a
JB> service" direction.

Not at all.  It's just a convenience based on our desire to take
responsibility for the security of the software we provide.

>> Combining (4) and (2) seems most convenient for the users: they will
>> have a single installer for all of Emacs (a convenience that goes beyond
>> this thread), and they'll get notified on all platforms when GnuTLS is
>> out of date.

JB> Does that mean that my Emacs is going to automatically try to
JB> establish a network connection without asking me? Or that I'm gonna be
JB> asked every time?

It will be configurable and transparent when possible, but yes, at some
point it may ask you once.  If we have a W32 installer I'd make it a
checkbox during the install.

On Thu, 05 Jan 2012 09:14:11 -0500 Eli Zaretskii wrote:

>> From: Ted Zlatanov
>> I would actually also like to bundle trusted certificates.

EZ> Where should they be gotten and how to integrate them with GnuTLS?

(Note this is speculative, I don't know for sure we should do this, but
certainly on W32 the cert bundle has to come from somewhere.)

I think it's safest to use Mozilla's cert bundle but I may sync with
Debian's bundle instead.  They don't integrate with GnuTLS as a library,
but rather they are given to it by gnutls.el.  So it would be
maintenance and special cases in gnutls.el, not in C code.  Our list of
certs may diverge from what's built into the OS (e.g. RHEL vs. Debian
vs. Mac OS X).  There's no way to fix that, we have to let the user
choose, and by default use the OS cert bundle when it's feasible.

>> If we tell the user to reinstall because GnuTLS is out of date, would
>> that be a big burden?

EZ> It could be, since Emacs is a large distribution, and GnuTLS libraries
EZ> are much smaller in comparison.

Maybe the wpatch Joakim mentioned would help here.  But yeah, I see the
problem, and yet everyone (IIUC) is saying a bundled install is the
safest way instead of trying to update DLLs directly.

Ted
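
The trust-bundle selection discussed in the message above (OS bundle by default when feasible, user choice otherwise, a bundled file as fallback), as an added Emacs Lisp example that is not part of the original message or of gnutls.el. `gnutls-trustfiles` is gnutls.el's existing variable; every `my-tls-*` name, the `cacert.pem` bundled file and the probed paths (common Debian and RHEL locations) are assumptions made for illustration.

```elisp
;;; Added example: pick the CA bundle that is handed to GnuTLS via gnutls.el.
(require 'cl-lib)

(defvar my-tls-os-bundle-candidates     ; hypothetical name
  '("/etc/ssl/certs/ca-certificates.crt"   ; common Debian location
    "/etc/pki/tls/certs/ca-bundle.crt")    ; common RHEL location
  "OS trust bundle locations to probe, in order.")

(defvar my-tls-bundled-file             ; hypothetical: a bundle shipped with Emacs
  (expand-file-name "cacert.pem" data-directory)
  "Fallback CA bundle distributed with the installer (assumed file name).")

(defvar my-tls-user-choice nil          ; hypothetical user option
  "nil for the default policy, `os', `bundled', or an explicit file name.")

(defun my-tls-usable-p (file)
  "Return non-nil if FILE is a readable, non-empty regular file."
  (and (stringp file)
       (file-regular-p file)
       (file-readable-p file)
       (> (or (nth 7 (file-attributes file)) 0) 0)))

(defun my-tls-resolve-trustfiles ()
  "Return the list of trust files to give to GnuTLS.
Default policy: the OS bundle when one exists, else the bundled file.
Signal an error instead of returning an empty trust store."
  (let* ((os (cl-find-if #'my-tls-usable-p my-tls-os-bundle-candidates))
         (bundled (and (my-tls-usable-p my-tls-bundled-file)
                       my-tls-bundled-file))
         (picked
          (cond ((stringp my-tls-user-choice)
                 (and (my-tls-usable-p my-tls-user-choice)
                      my-tls-user-choice))
                ((eq my-tls-user-choice 'os) os)
                ((eq my-tls-user-choice 'bundled) bundled)
                (t (or os bundled)))))
    (unless picked
      (error "No usable CA bundle found; not configuring an empty trust store"))
    (list picked)))

;; gnutls.el reads this list when it sets up a connection.
(setq gnutls-trustfiles (my-tls-resolve-trustfiles))
```

An explicit user choice that does not resolve to a usable file raises an error rather than silently falling back, so a typo in the setting cannot switch the trust store without the user noticing.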