From: Stefan Monnier <monnier@IRO.UMontreal.CA>
To: Achim Gratz <Stromeko@nexgo.de>
Cc: 9113@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>,
Roland Winkler <winkler@gnu.org>
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Thu, 26 Jan 2012 16:41:19 -0500 [thread overview]
Message-ID: <jwvpqe65kh9.fsf-monnier+emacs@gnu.org> (raw)
In-Reply-To: <87bopq6xng.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 26 Jan 2012 14:01:39 -0600")
SM> That might be a good option.
> It works fairly well but it's hacky, and can't be shared with other
> programs.
Indeed, it's a major downside.
> I'd like to implement it with libnettle at least, so it doesn't depend
> on the external gpg utility.
But that would make it work even less with other programs.
LI> Yes. But it will require the user to type in a password to get to the
LI> password. :-) And again, programs like Firefox defaults to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.
I don't know about you, but I don't let Firefox store my mailbox's
password. I have a lot of passwords stored in Firefox's database, but
they're all things I don't really care about (e.g. passwords to log into
some stupid web-forums).
SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues. That's what we should focus on
SM> for the "next time".
> Do you mean gpg-agent or the OS keychain?
I mean the keychain.
> Neither is available on all platforms consistently.
AFAIK all platforms have a keychain nowadays and it's the best place to
put sensitive passwords such as the ones used to access your IMAP server.
>>> IIRC for 23 the default was to keep the password for the current session
>>> and not to store it in any file at all. I think it's a better default
>>> than writing it in clear in some file, so at least for 24.1 reverting to
>>> the Emacs-23 default is very attractive.
LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
LI> prompts you for whether you want to store the password or not. If you
LI> don't want to, say "n".
Yes, I guess it's good enough.
> One possible flow:
> If the user says `y' then we can ask (if `auth-sources' is 'ask)
> "Do you want to keep your passwords in a GPG-encrypted file?"
> If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
> that EPA/EPG are enabled. If GPG is not available, what do we do? Use
> libnettle? Or explain and pretend they said `n'?
If GPG is not available, ask a different question, as in "It will be
saved in cleartext, is that OK?"
Stefan
next prev parent reply other threads:[~2012-01-26 21:41 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-18 3:08 bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg Roland Winkler
2012-01-25 20:18 ` Ted Zlatanov
2012-01-26 2:02 ` Stefan Monnier
2012-01-26 15:32 ` Ted Zlatanov
2012-01-26 17:28 ` Stefan Monnier
2012-01-26 17:52 ` Lars Ingebrigtsen
2012-01-26 17:53 ` Achim Gratz
2012-01-26 20:01 ` bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, " Ted Zlatanov
2012-01-26 21:41 ` Stefan Monnier [this message]
2012-01-30 16:36 ` Lars Ingebrigtsen
2012-01-30 22:18 ` Stefan Monnier
2012-01-30 22:21 ` Lars Ingebrigtsen
2012-01-31 9:00 ` Michael Albinus
2012-01-31 17:51 ` Stefan Monnier
2012-02-13 17:35 ` Ted Zlatanov
2012-02-13 18:35 ` Michael Albinus
2012-01-27 1:47 ` bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, " Daiki Ueno
2012-01-27 16:23 ` Ted Zlatanov
2012-01-29 9:50 ` Daiki Ueno
2012-01-30 16:33 ` bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, " Lars Ingebrigtsen
2012-01-31 6:55 ` Chong Yidong
2012-01-31 11:57 ` Lars Ingebrigtsen
2012-02-03 17:14 ` Kevin Rodgers
2012-01-31 11:11 ` Ted Zlatanov
2012-01-31 11:37 ` Michael Albinus
2012-02-13 17:38 ` Ted Zlatanov
2012-01-28 8:47 ` Roland Winkler
2012-01-28 19:05 ` Lars Ingebrigtsen
2012-01-28 19:32 ` Roland Winkler
2012-01-30 16:18 ` Lars Ingebrigtsen
2012-01-30 18:49 ` Roland Winkler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jwvpqe65kh9.fsf-monnier+emacs@gnu.org \
--to=monnier@iro.umontreal.ca \
--cc=9113@debbugs.gnu.org \
--cc=Stromeko@nexgo.de \
--cc=larsi@gnus.org \
--cc=winkler@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.