From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Robert Pluim <rpluim@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#28597: 26.0.60;
	[Security] Configure should use --without-pop by default
Date: Tue, 03 Oct 2017 16:55:51 +0200
Message-ID: <87h8vgl1qg.fsf@gmail.com>
References: <acbc4442-5045-6ecf-e17c-2e007dba0f85@cs.ucla.edu>
	<m2r2ut2sz4.fsf@newartisans.com> <837ewh8x5z.fsf@gnu.org>
	<87ing17akt.fsf@moondust.localdomain> <834lrl75o6.fsf@gnu.org>
	<877ewh74oq.fsf@moondust.localdomain> <83mv5d5ngv.fsf@gnu.org>
	<87fub131om.fsf@moondust.localdomain> <83y3ot1mmi.fsf@gnu.org>
	<ac458a3b-40eb-3a2f-b9e8-2e0fdf7c84ed@cs.ucla.edu>
	<83tvzh1j5n.fsf@gnu.org>
	<9f1de57c-91a7-11bd-3db6-14e14026da99@cs.ucla.edu>
	<87efqkz4n7.fsf@moondust.localdomain>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: blaine.gmane.org 1507042642 13316 195.159.176.226 (3 Oct 2017 14:57:22 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Tue, 3 Oct 2017 14:57:22 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux)
Cc: jwiegley@gmail.com, Paul Eggert <eggert@cs.ucla.edu>, 28597@debbugs.gnu.org
To: nljlistbox2@gmail.com (N. Jackson)
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Oct 03 16:57:18 2017
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1dzOdA-0002Go-N5
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 03 Oct 2017 16:57:09 +0200
Original-Received: from localhost ([::1]:59014 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1dzOdI-0003cj-60
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 03 Oct 2017 10:57:16 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:35950)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzOd8-0003am-0d
	for bug-gnu-emacs@gnu.org; Tue, 03 Oct 2017 10:57:06 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzOd4-00080f-4N
	for bug-gnu-emacs@gnu.org; Tue, 03 Oct 2017 10:57:06 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:37801)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dzOd4-00080R-0u
	for bug-gnu-emacs@gnu.org; Tue, 03 Oct 2017 10:57:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzOd3-0005cl-KE
	for bug-gnu-emacs@gnu.org; Tue, 03 Oct 2017 10:57:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Robert Pluim <rpluim@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 03 Oct 2017 14:57:01 +0000
Resent-Message-ID: <handler.28597.B28597.150704256321534@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 28597
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 28597-submit@debbugs.gnu.org id=B28597.150704256321534
	(code B ref 28597); Tue, 03 Oct 2017 14:57:01 +0000
Original-Received: (at 28597) by debbugs.gnu.org; 3 Oct 2017 14:56:03 +0000
Original-Received: from localhost ([127.0.0.1]:46482 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1dzOc7-0005bG-K0
	for submit@debbugs.gnu.org; Tue, 03 Oct 2017 10:56:03 -0400
Original-Received: from mail-wm0-f42.google.com ([74.125.82.42]:50704)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <rpluim@gmail.com>) id 1dzOc4-0005aj-TT
	for 28597@debbugs.gnu.org; Tue, 03 Oct 2017 10:56:01 -0400
Original-Received: by mail-wm0-f42.google.com with SMTP id u138so17229482wmu.5
	for <28597@debbugs.gnu.org>; Tue, 03 Oct 2017 07:56:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
	h=from:to:cc:subject:references:gmane-reply-to-list:date:in-reply-to
	:message-id:user-agent:mime-version;
	bh=0s3vQhQI8BZztEP0mtJoXuc7H61q2klpRfEozlwKI6A=;
	b=PLYBn3nFi+sLmU4kFOvRTpCq0QQC5iBWezemnjlzhylqq2tm9O6pSgttORh4jrzfp8
	VFx6lPLEDZDnKmQnfcp+C7powINJpxtD4h9aM0k1DRngktbNPG5qBIkHtiAYHfp9svMn
	Y9pmMAtPnzlO8vei90X28bDWnQHl7Uy0sH7s5pmZQ/T1gDDcn/0+odDZH4NifVXCuwmw
	+2jVuGuweVDgbMTtjmwargd897iJDJ/Pj2yZhApwyQuiJ8G7I5yStVWWG79bno6ZV4e4
	KTB5/nBCXOfe5NLvyDzl7jRonEVbQ/f3l7mb/92MzNGVZw+6GRr8MAYrXJMD9s4/oYje
	TWcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:references
	:gmane-reply-to-list:date:in-reply-to:message-id:user-agent
	:mime-version;
	bh=0s3vQhQI8BZztEP0mtJoXuc7H61q2klpRfEozlwKI6A=;
	b=uJ1xJtsIzj7dV4Q7Dpxosoreuip/HnfxD2kuY18FAVUVj5v8+mSNmseCISD4TtA0Mf
	PbZvTdlSy2sWzDKtmr5eZYVELVYnKm47GuidF2cigLEGYKQrCKlx1/O3uFpUF6/Ryo8L
	lYhhQTtoV7SKg+PXLr92RkvpYXt5lbd+hhOPnnZeJ8981hqVOdxGCP4U7W/KAqOOXjBU
	IsHrVGSvB6JGjBntgExgoQH+N86FE0eCLtyWsX/l60Z6XMxNH7UCyahSxAJCgFi3g4bL
	k+FVadRcgve4Q3ei003WRs9okfeVxuFLnyYWUIrorq9WOaZ9kRLPMVCB55fSjkPTUj8z
	misg==
X-Gm-Message-State: AMCzsaWuVIxjNI5NbwNkA2Ik12qAG3RETnd/wzebxVPIWYk8MbSXggUc
	kEzeXIx3lZvwr25ltsnhL+TemQmYl/0=
X-Google-Smtp-Source: AOwi7QDRtHT4IDdfj7H8AleYKZzWVi59/mwirDapiJgY5h6MLM8nYJoc0GYm0jnHTDnkrBhGfvbDqQ==
X-Received: by 10.28.208.129 with SMTP id h123mr5612505wmg.25.1507042554543;
	Tue, 03 Oct 2017 07:55:54 -0700 (PDT)
Original-Received: from rpluim-ubuntu ([149.5.228.1])
	by smtp.gmail.com with ESMTPSA id v3sm4016373wra.39.2017.10.03.07.55.52
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 03 Oct 2017 07:55:53 -0700 (PDT)
Gmane-Reply-To-List: yes
In-Reply-To: <87efqkz4n7.fsf@moondust.localdomain> (N. Jackson's message of
	"Tue, 03 Oct 2017 10:29:16 -0400")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:137832
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/137832>

nljlistbox2@gmail.com (N. Jackson) writes:

> At 16:20 -0700 on Monday 2017-10-02, Paul Eggert wrote:
>>
>> On 10/02/2017 11:47 AM, Eli Zaretskii wrote:
>>
>>> nagging users each time they invoke movemail to fetch via POP3
>>> is IMO unacceptable.
>>
>> Yes, that suggestion is problematic.
>
> Just for the record, I explicitly stated in my suggestion to warm
> the user (rather than just the builder) that Emacs should _not_ nag
> the user every time.
>
> I was thinking of disabling the commands in question in the case
> that they will be insecure and prompting along the lines of:
>
>   You have typed abc, invoking disabled command xyz.
>

Except that there's not a single specific command that retrieves mail
via POP3, it's wired into the guts of rmail, and I'd rather not touch
that.

This is all starting to sound like overkill compared to simply warning
the builder, especially since people who package emacs can easily add
GNU Mailutils as a dependency, and people who build their own emacs
should read and react to the warning messages that I proposed earlier.

Robert