From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jens Schmidt Newsgroups: gmane.emacs.devel Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix? Date: Thu, 1 Jun 2023 22:10:04 +0200 Message-ID: References: <87fs7dnd1u.fsf@localhost> <6503151d-13be-f299-24a2-76bb9d6fecc8@alphapapa.net> <46880634-f4bd-f036-9d85-0d17ce213112@vodafonemail.de> <874jnrd6ph.fsf@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="34840"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Cc: Adam Porter , emacs-devel@gnu.org To: Ihor Radchenko Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Jun 01 22:11:40 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q4oe4-0008uw-Dh for ged-emacs-devel@m.gmane-mx.org; Thu, 01 Jun 2023 22:11:40 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q4odA-0007AO-SA; Thu, 01 Jun 2023 16:10:44 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4od9-00074C-5l for emacs-devel@gnu.org; Thu, 01 Jun 2023 16:10:43 -0400 Original-Received: from mr5.vodafonemail.de ([145.253.228.165]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4od6-0005jT-VM for emacs-devel@gnu.org; Thu, 01 Jun 2023 16:10:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vodafonemail.de; s=vfde-mb-mr2-21dec; t=1685650225; bh=/CecKgKBWaSuNU9RU01wAtvR9q0m9aX05RVTxjn+sr0=; h=Message-ID:Date:User-Agent:Subject:Content-Language:To:References: From:In-Reply-To:Content-Type:From; b=pFwom6bYOOeLV7PL3k751ksvtmsjkI+FHCpNDUVnD7EwM9NPPO9wPIfImFSWPgmmL OZn1dsX3wp/dGa6Q2A856nOD85AEyShduemh7jVcgu5Px9pGUv5m/zMtvPpJp+r6Es gt/0ZvUbP4tEGvceTwNrgVlsHbZ1ro1u94lY53SM= Original-Received: from smtp.vodafone.de (unknown [10.0.0.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mr5.vodafonemail.de (Postfix) with ESMTPS id 4QXHLT0v4Pz1ycy; Thu, 1 Jun 2023 20:10:25 +0000 (UTC) Original-Received: from [192.168.178.41] (port-92-194-237-192.dynamic.as20676.net [92.194.237.192]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 4QXHLG3XfMzMks6; Thu, 1 Jun 2023 20:10:11 +0000 (UTC) Content-Language: de-DE-frami, en-US In-Reply-To: <874jnrd6ph.fsf@localhost> X-purgate-type: clean X-purgate: clean X-purgate-size: 936 X-purgate-ID: 155817::1685650220-797F94D1-5350C2A1/0/0 Received-SPF: pass client-ip=145.253.228.165; envelope-from=jschmidt4gnu@vodafonemail.de; helo=mr5.vodafonemail.de X-Spam_score_int: -28 X-Spam_score: -2.9 X-Spam_bar: -- X-Spam_report: (-2.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:306529 Archived-At: On 2023-06-01 08:42, Ihor Radchenko wrote: > AFAIK, Adam had a very hard time dealing with auth-source.el. See the > reddit link in his message. Did that. However, it is my understanding that auth-source is an abstraction for credential retrieving (".netrc 3.0"), while plstore is a generic persistence library. I'm targeting plstore. > AFAIR, part of the problem was (1) poor documentation; (2) various > edge cases that had to be considered; (3) complex code required to > make things work. So, here he is asking for a _simple_ API that does > not require too much of tinkering with the internals. If such API is > added to plstore, it will certainly be great. The API is available and IMHO sufficiently simple, but issues (1) and (2) are surely present in plstore. Plus it does not handle expiry in any way. Will do my best to do something about all these, keeping the results of this thread in mind.