From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Juanma Barranquero <lekktu@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: GnuTLS for W32
Date: Sat, 7 Jan 2012 14:14:21 +0100
Message-ID: <CAAeL0SQBoBY5fa5wBnzjezYgxU5bxFLARBnpxU97TL=NA4=-Uw@mail.gmail.com>
References: <CAJU7zaKH0NTE7ko6u24gXy9WupsNw+CAvhMdVudzxpXvsY2vig@mail.gmail.com>
	<m3mxa3p5e7.fsf@stories.gnus.org> <87hb0b3yoe.fsf@lifelogs.com>
	<6ED011D5-E185-44C6-BB31-A445A4E5F83A@gmail.com>
	<87wr976otx.fsf@lifelogs.com>
	<E1Rig0X-0005lQ-Pv@fencepost.gnu.org> <87ipkq6yy5.fsf@lifelogs.com>
	<87boqi6tzz.fsf@linux-hvfx.site> <87ehve3ul8.fsf@lifelogs.com>
	<CAAeL0SQuSONPtE45A_vQ=5F4x+J3Shv8AvYOG3woYgqz7_7Q9g@mail.gmail.com>
	<87lipl22xm.fsf@lifelogs.com>
	<CAAeL0SQS8e1zwsj_UUzkbazBHt534e8WVCJ4Row__R4uRn8wXg@mail.gmail.com>
	<87boqh20ha.fsf@lifelogs.com>
	<CAAeL0SSO7JA3QRYYWg6uOUkWsk87BoyZd9JQd4RLjD9yprq=YQ@mail.gmail.com>
	<877h151x01.fsf@lifelogs.com>
	<CAAeL0SQ4CwjfqP6_6e96VMavKZUg74c6FruN=rk=PuZhJfjctQ@mail.gmail.com>
	<87y5tkzzwp.fsf@lifelogs.com>
	<CAAeL0ST76Y75d21LUmagRp3yJHaauLOJeNU9xhTPM_ou7WJfBA@mail.gmail.com>
	<87r4zczwbq.fsf@lifelogs.com>
	<CAAeL0SQyHEWk9NZeyj+9OcczcE3yrELLZ_K01MEqB_3XBx3SAw@mail.gmail.com>
	<87aa60yduw.fsf@lifelogs.com> <87d3av95eg.fsf@gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Trace: dough.gmane.org 1325942133 6769 80.91.229.12 (7 Jan 2012 13:15:33 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sat, 7 Jan 2012 13:15:33 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: Chong Yidong <cyd@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jan 07 14:15:24 2012
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1RjW76-0004Wa-BT
	for ged-emacs-devel@m.gmane.org; Sat, 07 Jan 2012 14:15:12 +0100
Original-Received: from localhost ([::1]:41973 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1RjW75-0003Mt-El
	for ged-emacs-devel@m.gmane.org; Sat, 07 Jan 2012 08:15:11 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:36884)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lekktu@gmail.com>) id 1RjW71-0003Kv-P2
	for emacs-devel@gnu.org; Sat, 07 Jan 2012 08:15:08 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <lekktu@gmail.com>) id 1RjW70-0003Z8-TH
	for emacs-devel@gnu.org; Sat, 07 Jan 2012 08:15:07 -0500
Original-Received: from mail-pw0-f41.google.com ([209.85.160.41]:51883)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lekktu@gmail.com>)
	id 1RjW6x-0003V6-PS; Sat, 07 Jan 2012 08:15:03 -0500
Original-Received: by pbdd2 with SMTP id d2so2102592pbd.0
	for <multiple recipients>; Sat, 07 Jan 2012 05:15:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc:content-type:content-transfer-encoding;
	bh=BTDsmRIe3cF6cDwBHWi1JgSjjYyZMSi8PZBnYP+xWzA=;
	b=YpAsdF6hn8EcryirQd7QMvniRBkl4a60F03ZfFaGl4Ld+MUEnH34M4W2MoUU1RbhwL
	BO+wDaYcg0mTUsnWeI+pbJe4XA9Y9Yc7vECXfvn3aDtzTtCy3dpZQHgrx0+v06lJAQOL
	vXhnOO8kI/3KfSLEVHyNtML4JdqYjWqEwjD9I=
Original-Received: by 10.68.191.34 with SMTP id gv2mr23750195pbc.101.1325942102338;
	Sat, 07 Jan 2012 05:15:02 -0800 (PST)
Original-Received: by 10.142.247.28 with HTTP; Sat, 7 Jan 2012 05:14:21 -0800 (PST)
In-Reply-To: <87d3av95eg.fsf@gnu.org>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 209.85.160.41
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:147441
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/147441>

On Sat, Jan 7, 2012 at 11:24, Chong Yidong <cyd@gnu.org> wrote:

> - First of all, any change involving distributing GnuTLS with Emacs
> =C2=A0should be post-24.1.
>
> - Phoning home on startup by default is out of the question. =C2=A0[...]
>
> - I am open to improvements to package.el to implement _periodic_ update
> =C2=A0checking, [...]

I 100% agree with all the points above.

> =C2=A0If a really serious security flaw is found in GnuPG, and we are
> =C2=A0distributing GnuPG with Emacs, we should make an Emacs security
> =C2=A0release, exactly as though it was a security flaw in Emacs itself.

I think that's clear. But IMO, in the case we are discussing, we
should not distribute the GnuTLS DLL, just as we don't distribute
libpng or libxml2. If we make it available through ELPA (which I don't
like, but like much more than the alternative), then of course
security releases of the relevant package would be available through
ELPA too.

=C2=A0 =C2=A0 Juanma