From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.bugs Subject: bug#13374: 24.?; open-gnutls-stream insecurity Date: Tue, 08 Jan 2013 12:06:08 -0500 Message-ID: References: <87mwwlz43m.fsf@Black.ICE> <3fhamscn9w.fsf@fencepost.gnu.org> <871udvhh11.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1357664832 11948 80.91.229.3 (8 Jan 2013 17:07:12 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 8 Jan 2013 17:07:12 +0000 (UTC) Cc: Oleksii Shevchuk , 13374@debbugs.gnu.org To: Lars Magne Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jan 08 18:07:28 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Tscdy-0004cP-Ra for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Jan 2013 18:07:18 +0100 Original-Received: from localhost ([::1]:45877 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tscdj-0003Wo-2a for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Jan 2013 12:07:03 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:39459) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tscde-0003WM-UY for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 12:07:01 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Tscdd-0006KO-Pi for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 12:06:58 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:43762) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tscdd-0006KK-Mi for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 12:06:57 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1Tscdi-0006dS-3I for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 12:07:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Monnier Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 08 Jan 2013 17:07:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 13374 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 13374-submit@debbugs.gnu.org id=B13374.135766478125462 (code B ref 13374); Tue, 08 Jan 2013 17:07:02 +0000 Original-Received: (at 13374) by debbugs.gnu.org; 8 Jan 2013 17:06:21 +0000 Original-Received: from localhost ([127.0.0.1]:57003 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1Tscd3-0006cd-3L for submit@debbugs.gnu.org; Tue, 08 Jan 2013 12:06:21 -0500 Original-Received: from ironport2-out.teksavvy.com ([206.248.154.182]:46929) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1Tscd1-0006cR-EH for 13374@debbugs.gnu.org; Tue, 08 Jan 2013 12:06:19 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AtkGAG6Zu09FxIzd/2dsb2JhbABEgXuyFoEIghUBAQQBViMFCws0EhQYDSSIHAW6CZBEA4hCmnGBWIMH X-IronPort-AV: E=Sophos;i="4.75,637,1330923600"; d="scan'208";a="212065062" Original-Received: from 69-196-140-221.dsl.teksavvy.com (HELO pastel.home) ([69.196.140.221]) by ironport2-out.teksavvy.com with ESMTP/TLS/ADH-AES256-SHA; 08 Jan 2013 12:06:08 -0500 Original-Received: by pastel.home (Postfix, from userid 20848) id 9B95F59230; Tue, 8 Jan 2013 12:06:08 -0500 (EST) In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 08 Jan 2013 15:49:28 +0100") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:69503 Archived-At: >> It should default to nil (in other words, we'll ship 24.3 with the same >> insecure behavior it has right now). But we can recommend to the users >> to turn it on, and see how well it works in practice, and write the >> necessary prompts and customization logic that Lars outlined. > I think we should just leave things as is for 24.3, since it's too close > to release, and fix this properly for 24.5. I tend to agree, although, if the patch is sufficiently trivial, it could be accepted (e.g. define a new custom var, with nil default value and splice it somewhere in the code where nil makes no difference). > Instituting an option like that (which will have to be abandoned > later) as a stop-gap I feel isn't all that helpful. If the option will have to be abandoned, then it's indeed a loser, but I thought the idea is that this option will stay and the added code in 24.4 will "simply" be handling errors more cleverly and prompting the user to update this option on-the-fly. Stefan