Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Date: Wed, 05 Feb 2014 02:00:49 -0500	[thread overview]
Message-ID: <87y51qcace.fsf@lifelogs.com> (raw)
In-Reply-To: jwvk3dajo2w.fsf-monnier+emacs@gnu.org

On Tue, 04 Feb 2014 21:28:00 -0500 Stefan Monnier <monnier@iro.umontreal.ca> wrote: 

>> The past few years I've argued for a few, and they've all been "free"
SM> They look free on the surface, but they're not free.

Users' time is not free either.  When you make them set up
infrastructure, install programs, learn other tools, and so on, that's a
burden too, and I think it's dishonest to say only developers' time
matters.

You wanted use cases, you got them.  At this point your objection to
using more of the GnuTLS API seems to be "because I want FFI."  You'll
get it, and I'll work on it.  I just think FFI is the wrong way to bring
in the GnuTLS ciphers and hashes.

SM> I want to move this outside the core, specifically so these things can
SM> develop much more rapidly.

Please see my objection to loose coupling of encryption primitives in
particular.  They are not regular features and they won't change often
at all.  This is a very low-risk addition to the core.

On Wed, 05 Feb 2014 14:11:59 +0900 Daiki Ueno <ueno@gnu.org> wrote: 

DU> On the other hand, who will trust such encrypting code written by a
DU> guy with no crypto/security background?
...
DU> As far as I know, only projects that have gotten problems with EPG were
DU> written by the same author who never try to understand the concepts of
DU> EPG/GPG and repeatedly pushes his own fancy crypto ideas with
DU> hypothetical use-cases.

Right.  Shelling out to an external binary every time you want to verify
a package's signature or want to encrypt/decrypt/sign data makes perfect
sense.

Blindly entering your passphrase in an anonymous popup that says it's
from the GnuPG agent is how things are done.

Trusting loosely coupled components is standard industry practice.

Forcing users to do all of that, or "no encryption for you" is for their
own good, on every platform where Emacs runs, from Android to W32 to Mac
OS X to many flavors of Unix.  Users are just too stupid to decide these
things on their own.

Is that how experts with a crypto/security background do it?  I'm
understanding now.

Ted

next prev parent reply	other threads:[~2014-02-05  7:00 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-03 22:36 Wherein I argue for the inclusion of libnettle in Emacs 24.5 Lars Ingebrigtsen
2014-02-04  3:21 ` Stefan Monnier
2014-02-04 13:07   ` Ted Zlatanov
2014-02-04 14:44     ` Stephen J. Turnbull
2014-02-04 18:36       ` Ted Zlatanov
2014-02-04 22:44   ` Lars Ingebrigtsen
2014-02-05  2:28     ` Stefan Monnier
2014-02-05  2:39       ` Lars Ingebrigtsen
2014-02-05  7:00       ` Ted Zlatanov [this message]
2014-02-05  8:13         ` Stephen J. Turnbull
2014-02-05 13:41           ` Ted Zlatanov
2014-02-05 15:50             ` andres.ramirez
2014-02-05 17:00             ` chad
2014-02-05 18:55               ` Ted Zlatanov
2014-02-06  5:03             ` Stephen J. Turnbull
2014-02-06 11:49               ` Ted Zlatanov
2014-02-06 13:03                 ` Stefan Monnier
2014-02-06 14:28                   ` Ted Zlatanov
2014-02-06 15:05                 ` Stephen J. Turnbull
2014-02-06 15:54                   ` Ted Zlatanov
2014-02-07  2:06                     ` Stephen J. Turnbull
2014-02-07  6:51                       ` David Kastrup
2014-02-07  7:15                         ` Stephen J. Turnbull
2014-02-07  8:53                           ` David Kastrup
2014-02-07 10:00                             ` Stephen J. Turnbull
2014-02-07 10:49                               ` David Kastrup
2014-02-07 20:43                                 ` Stephen J. Turnbull
2014-02-07 21:42                                   ` Ted Zlatanov
2014-02-07 22:23                                     ` Stephen J. Turnbull
2014-02-07 15:30                               ` Ted Zlatanov
2014-02-07  9:07                     ` Daiki Ueno
2014-02-07 11:54                       ` Ted Zlatanov
2014-02-08  8:11                         ` Daiki Ueno
2014-02-08 16:59                           ` Ted Zlatanov
2014-02-05  8:19         ` Daiki Ueno
2014-02-04 13:10 ` Ted Zlatanov
2014-02-04 16:27   ` Paul Eggert
2014-02-04 18:32     ` Ted Zlatanov
2014-02-04 19:04       ` Paul Eggert
2014-02-04 20:11         ` Ted Zlatanov
2014-02-04 21:46           ` Paul Eggert
2014-02-04 22:44             ` Ted Zlatanov
2014-02-04 22:36           ` Lars Ingebrigtsen
2014-02-05  5:11             ` Daiki Ueno

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87y51qcace.fsf@lifelogs.com \
    --to=tzz@lifelogs.com \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.