From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials Date: Mon, 15 Jun 2009 09:40:53 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87eitlef0q.fsf@lifelogs.com> References: <87r5xpia2a.fsf@lifelogs.com> <87hbyl17un.fsf@sandpframing.com> <877hze1fpg.fsf@sandpframing.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1245078036 12084 80.91.229.12 (15 Jun 2009 15:00:36 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 15 Jun 2009 15:00:36 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jun 15 17:00:33 2009 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1MGDfk-0006V8-GE for ged-emacs-devel@m.gmane.org; Mon, 15 Jun 2009 17:00:33 +0200 Original-Received: from localhost ([127.0.0.1]:33310 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGDfj-0002Yy-Sw for ged-emacs-devel@m.gmane.org; Mon, 15 Jun 2009 11:00:31 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MGDNB-0001W7-JW for emacs-devel@gnu.org; Mon, 15 Jun 2009 10:41:21 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MGDN5-0001Sq-4F for emacs-devel@gnu.org; Mon, 15 Jun 2009 10:41:19 -0400 Original-Received: from [199.232.76.173] (port=34287 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MGDN4-0001SW-72 for emacs-devel@gnu.org; Mon, 15 Jun 2009 10:41:14 -0400 Original-Received: from main.gmane.org ([80.91.229.2]:50363 helo=ciao.gmane.org) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MGDN3-0000QO-PJ for emacs-devel@gnu.org; Mon, 15 Jun 2009 10:41:14 -0400 Original-Received: from list by ciao.gmane.org with local (Exim 4.43) id 1MGDMw-0000Yh-UO for emacs-devel@gnu.org; Mon, 15 Jun 2009 14:41:07 +0000 Original-Received: from 38.98.147.130 ([38.98.147.130]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 15 Jun 2009 14:41:06 +0000 Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 15 Jun 2009 14:41:06 +0000 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 49 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 38.98.147.130 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) Cancel-Lock: sha1:az2gI7NbQJUeDdHCy0y1avNbw8I= X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org X-Spam-Report: 5.1 points; * 0.0 RCVD_BY_IP Received by mail server with no name * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 1.1 SUBJ_HAS_UNIQ_ID Subject contains a unique ID * -0.0 SPF_PASS SPF: sender matches SPF record * 4.0 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO Xref: news.gmane.org gmane.emacs.devel:111523 Archived-At: On Sun, 14 Jun 2009 20:52:11 -0400 MON KEY wrote: MK> Ted Zlatanov writes: >> MK> Please see my post elsewhere on this thread vis a vis imap.el >> >> I don't think it's necessary to have the debugging facilities of >> imap.el, because auth-source.el does not have so much external MK> The langauge of those two defcustom forms is quite communicative re: MK> logging/debugging and do well to extend clarity when informing the user just MK> how much rope he has been given. IIWM I would adopt the same or similar MK> tone with any such revisions/additions made to auth-sources defcustom MK> related docs. You mean something like this, perhaps: "If non-nil, log the authentication tokens obtained by auth-source into `*Messages*'. Note that username, passwords and other privacy sensitive information may be stored in the *Messages* buffer. It is not written to disk, but it is visible to all Emacs code and some other attacks (depending on your OS). Do not enable this variable unless you are comfortable with that. Also see `auth-source-hide-passwords'." (BTW, auth-source-hide-passwords defaults to t and does what you'd expect) I think more information should be in the documentation (auth.texi) and not in the variable docstrings, but a more verbose explanation is definitely a good thing. >> interaction that needs to be debugged. There's just three places where >> messages are emitted right now. Just auth-source-debug as a boolean, MK> Its not the amount (or lack thereof), but rather the manner in which MK> the logging/debugging occurs and _how_ the user is made aware of bot MK> the existence of such facilities and the potential pitfalls of their MK> use. auth-source.el is only relevant if the user has configured `auth-sources' explicitly or has an ~/.authinfo.gpg file (AFAIK this file is not a convention for any other package within or outside Emacs). I think this mitigates the security risk significantly, because the user has to be aware of auth-source.el in order to use it. Note also my patch disables auth-source.el logging by default. Ted