From: Tim Cross
Newsgroups: gmane.emacs.devel
Subject: Re: auth-source change default spec
Date: Sat, 28 Apr 2012 18:46:21 +1000
To: Emacs developers

P.S. I also forgot to mention. It looks like auth-source.el has
(require 'assoc) which emacs tells me is an obsolete package. Should
this be addressed prior to emacs 24?

Tim

On 28 April 2012 10:45, Tim Cross wrote:
> I've recently run into a minor problem with the auth-source library
> which I think is due to the default SPEC for auth-sources. I wanted
> some feedback before logging a bug request and also wanted to make this
> possible issue visible asap given the need to get defaults sorted for
> the next release.
>
> The current default sources spec (taken from recent emacs bzr sources) is
>
> ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
>
> I think it should be changed to have .authinfo.gpg first in the list.
> The reason is that if you already have a .authinfo.gpg file and then
> attempt to access a resource for which you don't yet have credentials
> and the search criteria specifies the :create option, because
> .authinfo is first, it will attempt to save the credentials in the
> .authinfo file and not .authinfo.gpg. If you have things configured to
> ask if you want to save (the default) it will ask if you want to save
> to .authinfo even when it is aware you have a .authinfo.gpg file. It
> does not appear to give you an option to change this. If you just
> accept the defaults and you do use .authinfo.gpg, things will break
> when you add new credentials because it will create a .authinfo file.
> Subsequent searches will never see the credentials you already have in
> your .authinfo.gpg file as the search stops once it has found the .authinfo
> file.
>
> I also think that putting the GPG version first would encourage better
> practices. On many systems, especially GNU Linux, gpg will already be
> installed. I guess it may be an issue on other platforms, but still
> think it is better to go for the more secure solution as the default,
> even if that does create some additional work for those who don't want
> to bother with encryption and are happy with a less secure approach.
>
> If this is not acceptable, I think the auth-source library may need to
> be enhanced so that it defaults to the gpg version of the file for
> saving when it knows one already exists.
>
> Tim
>
>
> --
> Tim Cross

-- 
Tim Cross
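
A per-user workaround for the ordering problem described in this message, as an added example (not part of the original post and not code from auth-source.el). The `my/` function names are hypothetical; it assumes a current Emacs where `cl-lib` and `string-suffix-p` are available, and it only inspects file-name string entries of `auth-sources`.

```elisp
;;; Added example; not code from auth-source.el.
;;; All `my/' names are hypothetical helpers for an init file.
(require 'auth-source)
(require 'cl-lib)

(defun my/auth-source-encrypted-p (source)
  "Return non-nil if SOURCE is a file name string ending in \".gpg\"."
  (and (stringp source) (string-suffix-p ".gpg" source)))

(defun my/auth-source-prefer-encrypted (sources)
  "Return a copy of SOURCES with the .gpg file entries moved to the front.
Relative order inside each group is kept.  Entries that are not
strings (symbols, plists) stay in the second group untouched."
  (append (cl-remove-if-not #'my/auth-source-encrypted-p sources)
          (cl-remove-if #'my/auth-source-encrypted-p sources)))

(defun my/auth-source-shadowing-files (sources)
  "Return existing plaintext files in SOURCES listed before an existing .gpg file.
This is the situation from the post: a plaintext ~/.authinfo that
sits ahead of ~/.authinfo.gpg in the list."
  (let ((pending '())   ; existing plaintext files seen so far, newest first
        (result '()))
    (dolist (s sources)
      (when (and (stringp s) (file-exists-p (expand-file-name s)))
        (if (my/auth-source-encrypted-p s)
            ;; An existing .gpg file: every plaintext file before it shadows it.
            (setq result (append result (reverse pending))
                  pending '())
          (push s pending))))
    result))

;; Report shadowing files under the current order, then put .gpg entries first
;; so that new credentials are offered to the encrypted file.
(let ((shadowing (my/auth-source-shadowing-files auth-sources)))
  (when shadowing
    (display-warning
     'auth-source
     (format "Plaintext credential files listed before an encrypted one: %S"
             shadowing)
     :warning)))
(setq auth-sources (my/auth-source-prefer-encrypted auth-sources))
```

Entries that were already saved to the plaintext file still have to be moved into the .gpg file by hand; the reordering only changes which file is consulted and offered first.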