From: Ivan Shmakov
Newsgroups: gmane.emacs.devel
Subject: Re: Network Security Manager merge time?
Date: Wed, 19 Nov 2014 20:00:36 +0000
Message-ID: <87fvdf2c63.fsf@violet.siamics.net>
References: <87lhn7cfe0.fsf@lifelogs.com> <87egszcd3i.fsf@lifelogs.com> <87h9xvavjm.fsf@lifelogs.com>
In-Reply-To: <87h9xvavjm.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 19 Nov 2014 13:34:53 -0500")
To: emacs-devel@gnu.org

>>>>> "TZ" == Ted Zlatanov writes:
>>>>> On Wed, 19 Nov 2014 18:59:16 +0100 Lars Magne Ingebrigtsen wrote:
>>>>> Ted Zlatanov writes:

TZ> I'd rather deprecate it in favor of `nsm-security-level',
TZ> especially if you're OK with the ability to set the level per host
TZ> or subnet, and per service. The `gnutls-verify-error' checks are
TZ> all 'medium I think.

LMI> I can imagine that some people would rather leave all this up to
LMI> gnutls...

TZ> As far as user-level customization, I'd rather not have multiple
TZ> variables. The checks will be done the same way, just based on
TZ> `network-security-level' instead of specific checkboxes like now.

I have gnutls-verify-error set in my ~/.emacs. After I upgrade to an NSM-enabled Emacs, how exactly will it get mapped to the NSM settings?

[…]

TZ> I was going to say it doesn't for me on Ubuntu, but apparently in
TZ> the last N months+years the default has changed quietly. So now I
TZ> have no idea how many of my known_hosts are for virtual machines or
TZ> other disposable SSH servers. Grrrrrrreat. Ah, here's why, from
TZ> the ssh_config man page:

TZ> Note that the Debian openssh-client package sets several options as
TZ> standard in /etc/ssh/ssh_config which are not the default in
TZ> ssh(1):
...
· HashKnownHosts yes
· GSSAPIAuthentication yes

I’m pretty sure that this setting was there for years. Why, the earliest hashed ~/.ssh/known_hosts entries I’m able to find in my backups right now date back to March, 2008.

TZ> I'll be disabling that one...

FWIW, I tend to have reservations when it comes to software editing my configuration files on their own. Thus, I’ve ended up making known_hosts read-only, and adding ssh-keyscan(1) data to it manually as necessary.

-- 
FSF associate member #7257 np. Coming Home — Iron Maiden … B6A0 230E 334A
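
Added example, not part of the original message: with HashKnownHosts enabled, the host field of each known_hosts line is stored as `|1|salt|HMAC-SHA1(salt, name)`, so entries can only be identified by testing names you already suspect. The function names, host names and sample file below are constructed for illustration.

```python
import base64
import hashlib
import hmac

MAGIC = "|1|"  # prefix OpenSSH writes before a hashed host field


def hash_host(host, salt):
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return MAGIC + "|".join(base64.b64encode(b).decode() for b in (salt, mac))


def host_matches(field, name):
    """True if the host field of one known_hosts line covers `name`."""
    if not field.startswith(MAGIC):
        return name in field.split(",")  # plain entry; patterns not handled
    try:
        salt, want = (base64.b64decode(p, validate=True)
                      for p in field[len(MAGIC):].split("|"))
    except ValueError:  # malformed hashed field: treat as no match
        return False
    got = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)


def audit(text, candidates):
    """Return ({line_no: [names]}, [line_nos of hashed entries nobody matched])."""
    matched, unknown = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        names = [n for n in candidates if host_matches(fields[0], n)]
        if names:
            matched[no] = names
        elif fields[0].startswith(MAGIC):
            unknown.append(no)
    return matched, unknown


KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERNOTAREALKEY"  # placeholder
SAMPLE = "\n".join([  # constructed known_hosts content
    hash_host("build-vm.example.net", b"\x01" * 20) + " " + KEY,
    hash_host("[192.0.2.10]:2222", b"\x02" * 20) + " " + KEY,
    hash_host("gone.example.net", b"\x03" * 20) + " " + KEY,
    "plain.example.net,192.0.2.20 " + KEY,
])
```

`ssh-keygen -F name` performs the same lookup for a single name against the real file; the line numbers returned as unidentified are the entries whose host cannot be recovered from the file alone.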