From: Ivan Shmakov <ivan@siamics.net>
To: emacs-devel@gnu.org
Subject: Re: Network Security Manager merge time?
Date: Wed, 19 Nov 2014 20:00:36 +0000 [thread overview]
Message-ID: <87fvdf2c63.fsf@violet.siamics.net> (raw)
In-Reply-To: <87h9xvavjm.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 19 Nov 2014 13:34:53 -0500")
>>>>> "TZ" == Ted Zlatanov <tzz@lifelogs.com> writes:
>>>>> On Wed, 19 Nov 2014 18:59:16 +0100 Lars Magne Ingebrigtsen wrote:
>>>>> Ted Zlatanov <tzz@lifelogs.com> writes:
TZ> I'd rather deprecate it in favor of `nsm-security-level',
TZ> especially if you're OK with the ability to set the level per host
TZ> or subnet, and per service. The `gnutls-verify-error' checks are
TZ> all 'medium I think.
LMI> I can imagine that some people would rather leave all this up to
LMI> gnutls...
TZ> As far as user-level customization, I'd rather not have multiple
TZ> variables. The checks will be done the same way, just based on
TZ> `network-security-level' instead of specific checkboxes like now.
I have gnutls-verify-error set in my ~/.emacs. After I upgrade
to an NSM-enabled Emacs, how exactly will it get mapped to the
NSM settings?
[…]
TZ> I was going to say it doesn't for me on Ubuntu, but apparently in
TZ> the last N months+years the default has changed quietly. So now I
TZ> have no idea how many of my known_hosts are for virtual machines or
TZ> other disposable SSH servers. Grrrrrrreat. Ah, here's why, from
TZ> the ssh_config man page:
TZ> Note that the Debian openssh-client package sets several options as
TZ> standard in /etc/ssh/ssh_config which are not the default in
TZ> ssh(1): ... · HashKnownHosts yes · GSSAPIAuthentication yes
I’m pretty sure that this setting was there for years. Why, the
earliest hashed ~/.ssh/known_hosts entries I’m able to find in
my backups right now date back to March, 2008.
TZ> I'll be disabling that one...
FWIW, I tend to have reservations when it comes to software
editing my configuration files on their own. Thus, I’ve ended
up making known_hosts read-only, and adding ssh-keyscan(1) data
to it manually as necessary.
--
FSF associate member #7257 np. Coming Home — Iron Maiden … B6A0 230E 334A
next prev parent reply other threads:[~2014-11-19 20:00 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-19 16:22 Network Security Manager merge time? Lars Magne Ingebrigtsen
2014-11-19 16:40 ` Ted Zlatanov
2014-11-19 16:53 ` Lars Magne Ingebrigtsen
2014-11-19 17:30 ` Ted Zlatanov
2014-11-19 17:59 ` Lars Magne Ingebrigtsen
2014-11-19 18:34 ` Ted Zlatanov
2014-11-19 20:00 ` Ivan Shmakov [this message]
2014-11-19 20:25 ` Ted Zlatanov
2014-11-19 21:41 ` Ted Zlatanov
2014-11-21 11:29 ` Lars Magne Ingebrigtsen
2014-11-25 14:20 ` Ted Zlatanov
2014-11-25 16:30 ` Lars Magne Ingebrigtsen
2014-11-25 16:46 ` Ted Zlatanov
2014-11-25 17:08 ` Lars Magne Ingebrigtsen
2014-11-25 18:20 ` intrusive changes Ivan Shmakov
2014-11-30 13:51 ` Stefan Monnier
2014-11-30 15:12 ` Ivan Shmakov
2014-11-30 18:07 ` Stefan Monnier
2014-12-02 10:03 ` Ivan Shmakov
2014-12-02 13:50 ` Stefan Monnier
2014-11-19 18:22 ` Network Security Manager merge time? Lars Magne Ingebrigtsen
2014-11-19 20:46 ` Eli Zaretskii
2014-11-19 20:54 ` Lars Magne Ingebrigtsen
2014-11-19 20:58 ` Lars Magne Ingebrigtsen
2014-11-19 21:18 ` Eli Zaretskii
2014-11-20 8:42 ` Lars Magne Ingebrigtsen
2014-11-20 16:16 ` Eli Zaretskii
2014-11-19 17:28 ` Robert Pluim
2014-11-19 17:50 ` Lars Magne Ingebrigtsen
2014-11-19 19:51 ` Robert Pluim
2014-11-19 19:56 ` Lars Magne Ingebrigtsen
2014-11-19 20:06 ` Robert Pluim
2014-11-19 20:20 ` Lars Magne Ingebrigtsen
2014-11-19 20:25 ` Lars Magne Ingebrigtsen
2014-11-19 20:26 ` Robert Pluim
2014-11-19 20:32 ` Lars Magne Ingebrigtsen
2014-11-20 8:00 ` Robert Pluim
2014-11-20 8:43 ` Lars Magne Ingebrigtsen
2014-11-20 9:04 ` Robert Pluim
2014-11-20 10:39 ` Lars Magne Ingebrigtsen
2014-11-20 11:34 ` Robert Pluim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fvdf2c63.fsf@violet.siamics.net \
--to=ivan@siamics.net \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.