From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Re: auth-source change default spec Date: Tue, 1 May 2012 08:41:49 +1000 Message-ID: References: <87zk9to1bh.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1335825721 12083 80.91.229.3 (30 Apr 2012 22:42:01 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 30 Apr 2012 22:42:01 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue May 01 00:42:00 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1SOzI6-0000b5-TY for ged-emacs-devel@m.gmane.org; Tue, 01 May 2012 00:41:59 +0200 Original-Received: from localhost ([::1]:50076 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SOzI6-0002Yr-8G for ged-emacs-devel@m.gmane.org; Mon, 30 Apr 2012 18:41:58 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:57639) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SOzI2-0002Yl-Sw for emacs-devel@gnu.org; Mon, 30 Apr 2012 18:41:56 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SOzI0-0002e9-Ls for emacs-devel@gnu.org; Mon, 30 Apr 2012 18:41:54 -0400 Original-Received: from mail-ob0-f169.google.com ([209.85.214.169]:46210) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SOzI0-0002dA-Cq for emacs-devel@gnu.org; Mon, 30 Apr 2012 18:41:52 -0400 Original-Received: by obbwd18 with SMTP id wd18so2140393obb.0 for ; Mon, 30 Apr 2012 15:41:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=xRGQ5qL7JobdJD6wxHAZDrD7uvjZbHxdVMEI6IrK/l8=; b=xfDWLeRIfHMN7QnhUYz5BpB9/c7h87APwxfcH0R26dobi7slPKjC5m44WjKy4l7dc9 xsYjWmS9axZVDNZF2TjnCz5M8oBDJoG3KhpkXhuV0TvKw0x7md43/U/Al0NSgmXdx8ke QLySypyor3tfxyFSi9PPEBcjGkdO/eA+uVtpwl8E31X7yqwLwbRicgZGqKXyBjnzjgyK GFmgdSYFF9RJouUiLLO+bvYtBl+/ONh7aelnz8QlQ/r4gjEX7D2e6HKQM07BrS7ehe3U GmNf03gYmZoBFtxuOQxohjbACb3Xv8YgSs8XRlagKnmXxd3DilAHUCMsgxDq+RDcZdym n5Rw== Original-Received: by 10.182.51.41 with SMTP id h9mr221088obo.7.1335825709597; Mon, 30 Apr 2012 15:41:49 -0700 (PDT) Original-Received: by 10.182.75.162 with HTTP; Mon, 30 Apr 2012 15:41:49 -0700 (PDT) In-Reply-To: X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 209.85.214.169 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:150166 Archived-At: Hi Ted, I looked at that bug report and I think the options you offered were good. I disagree with the useability argument i.e. that asking the user to enter their gpg passphrase in order to search their .authinfo.gpg file is too much to ask and that if firefox doesnt use encrypted files to store passwords why should we. Security always has a small element of inconvenience and asking to enter a passphrase is not too much. Just because firefox uses poor practice in storing sensitive data doesn't justify emacs doing the same. For me, the main question relating to this and usability is to what extent other platforms, like windows, will have the necessary encryption facilities available such that having the encrypted version as default will not result in really broken or inconvenient behaviour for them. Not being a windows user, I cannot assess this issue. However, this is perhaps getting off point for my main issue. Regardless of the style of authinfo file being used, my issue is that the library appears to only use the first choice in the auth-sources list even when it knows (at least should) there is a gpg file. In this situation, it should default to the gpg version, not to the first item in the auth-sources spec. Make not mistake, the current way things work does cause problems for users. A couple of us recently spent some hours trying to work out why things were breaking after changing some code to use auth-sources. Unfortunately,, I don't think asking the user to edit the auth-sources list is the right answer. Some packages will automatically create entries for authinfo. It is likely they are unaware of auth-sources or the configuration variables. Asking them to modify the default is possibly expecting too much. I think this can be resolved fairly easily. If auth-sources has already found a .authinfo.gpg file in it's initial search, then that should become the default file to sotre new credentials, regardless of what is first in auth-sources. In addition, it would be good to allow the user to hange the destination filename at the prompt when asked if they want to save the current credentials. Not also, the auth-sources manual is a bit misleading. It states that the gpg version will be searched first. If I understand correctly, this is not the case - it depends on auth-sources. I will also need to check the meaning of :max 1 - I thought that meant the search should return a maximum of one result, not, as seems to be implied by the text in that bug report, that the library would only search a max of 1 file. Another (less desirable) solution would be for the library to continue to search all files until either it found a match or ran out of files. This would at least stop the bug we ran into beause auth-source created a .authinfo file when we already had an .authinfo.gpg file. Having said all that, the library is a good addittion and I appreciate the work which has gone into it. Tim On 30 April 2012 22:51, Richard Riley wrote: > Ted Zlatanov writes: > >> On Sat, 28 Apr 2012 10:45:37 +1000 Tim Cross wro= te: >> >> TC> I've recently run into a minor problem with the auth-source library >> TC> which I think is due to the default SPEC for auth-sources. I wanted >> TC> some feedbak before logging a bug request and also wanted to make th= is >> TC> possible issue visible asap given the need to get defaults sorted fo= r >> TC> the next release. >> >> TC> The current default sorces spec (taken from recent emacs bzr sources= ) is >> >> TC> ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc") >> >> TC> I think it should be changed to have .authinfo.gpg first in the >> TC> list. >> >> Could you please read through Emacs bug #9113? =A0It deals with this iss= ue >> at length. >> >> http://comments.gmane.org/gmane.emacs.bugs/49377 >> >> I had the .gpg file first originally and would still like it to be >> first, but the objections are quite reasonable. >> >> TC> The reason is that if you already have a .authinfo.gpg file and then >> TC> attempt to access a resource for which you don't yet have credential= s >> TC> and the search criteria specifies the :create option, because >> TC> .authinfo is first, it will attempt to save the credentials in the >> TC> .authinfo file and not .authinfo.gpg. If you have things configured = to >> TC> ask if you want to save (the default) it will ask if you want to sav= e >> TC> to .authinfo even when it is aware you have a .authinfo.gpg file. It >> TC> does not appear to give you an option to change this. =A0If you just >> TC> accept the defaults and you do use .authinfo.gpg, things will break >> TC> when you add new credentials because it will create a .authinfo >> TC> file. >> >> I don't think anything is broken. =A0auth-source is simply respecting >> `auth-sources' as it's supposed to. =A0Preferring the second source >> because of some attribute (e.g. "it has the .gpg extension") is much >> worse in terms of usability. > > I would strongly disagree. I would expect it should default to the most > secure. And allow fall through on the search. Should you really want, > for some really obscure reason, to prefer a plain text file for secure > passwords over the .gpg then some sort of override could be > implemented. I know I'd be pretty miffed if I saved passwords thinking > they were going into .gpg only to have them read out to me at a later > date by someone who got hold of the plaintext file. > > > > > > --=20 Tim Cross