From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.bugs Subject: bug#13374: 24.?; open-gnutls-stream insecurity Date: Tue, 08 Jan 2013 15:49:28 +0100 Message-ID: References: <87mwwlz43m.fsf@Black.ICE> <3fhamscn9w.fsf@fencepost.gnu.org> <871udvhh11.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1357656613 25279 80.91.229.3 (8 Jan 2013 14:50:13 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 8 Jan 2013 14:50:13 +0000 (UTC) Cc: Oleksii Shevchuk , 13374@debbugs.gnu.org To: Glenn Morris Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jan 08 15:50:29 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TsaVS-0001WL-WC for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Jan 2013 15:50:23 +0100 Original-Received: from localhost ([::1]:54030 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TsaVD-0000tk-0g for geb-bug-gnu-emacs@m.gmane.org; Tue, 08 Jan 2013 09:50:07 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:38477) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TsaV7-0000nh-Fb for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 09:50:04 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TsaV4-0002Co-HO for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 09:50:01 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:43183) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TsaV4-0002Ci-Eq for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 09:49:58 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1TsaV8-0003KR-Gm for bug-gnu-emacs@gnu.org; Tue, 08 Jan 2013 09:50:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Lars Magne Ingebrigtsen Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 08 Jan 2013 14:50:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 13374 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 13374-submit@debbugs.gnu.org id=B13374.135765658512764 (code B ref 13374); Tue, 08 Jan 2013 14:50:02 +0000 Original-Received: (at 13374) by debbugs.gnu.org; 8 Jan 2013 14:49:45 +0000 Original-Received: from localhost ([127.0.0.1]:56422 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TsaUq-0003Jm-JX for submit@debbugs.gnu.org; Tue, 08 Jan 2013 09:49:44 -0500 Original-Received: from hermes.netfonds.no ([80.91.224.195]:40882) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TsaUn-0003JW-GY for 13374@debbugs.gnu.org; Tue, 08 Jan 2013 09:49:43 -0500 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1TsaUb-0000hA-6o; Tue, 08 Jan 2013 15:49:29 +0100 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAElBMVEUMBATeqW8dDQyFRiYJ AgNFIxlw756WAAACWUlEQVQ4jU2U0dKjIAyFs4gPQB3v+XFzX8lw7+z4ABQm7/8qe4K2/TPTCnxy coxEKpHIRfxRcqzaXovsQfZM9SR/kAUuXLCK2MNCf88rjsMfp9MLIMifv8LPX/A8T/qF+AMe/oT+ Aa2R6Hi9QfYzN+hhbaCfNyDfWzO149L6AP9PSoOhO9PxC+xL9p8NX3Aeeyh0vG37D5AmZaOv4wss ncJS6oZy+CHmL1fyIAJ12TbcagM8nwYCm6mj9QR05Xh6A+U8Z8kUdtEW2wWwH4J+3kVSCAob668d 4qew9h5C65nLBcjAepLkcwshce43OAw8Dpqi2STSoncOA0+6q0oUnY6yZ2/JaZA/SK6VNhZReDTA j4RADpGSXs0mmhJKMt07FsGdrzFhHKfwmKqNXyicJvpZMXZcsSPzuAk1gwY5MZCag1TPWGHYTozr bhNVprAO2amH5hLUX9XF7UnOqnvJQsMM9ZrcXikZWCC6aaYYU2op0rRUN8C6hbyJJlVkwSNswwaO 5GMKZZMCL9FhA81QdTTvC8C6FXUmNOpmLUNuD3Vacm/om8ZptJB1EaUlPOcyKgR91muUmDgseG/3 +hckeJOKJkRKck65YRTZpDar6YyhcwlVTDFZsyJ5D6Iu9kiz6zgseid3hIm00iDOXcbbY1hRpa4x RbQIF1tHwHxLTQmPmiq31BdbxevNrmFHJ25O61TQ4FjHN0FQwIQzSQ1PVSe5YyklbwknpVEvrLW/ gRTOzL0hORfmykOlGNmKUeRQ3G2GcHrKjt9WzLkISdF9Hd8Jewhpo26q8h9KyKVWSAThEwAAAABJ RU5ErkJggg== X-Now-Playing: Colourbox's _Colourbox (MAD315CD)_: "Baby I Love You So 12"" In-Reply-To: <871udvhh11.fsf@lifelogs.com> (Ted Zlatanov's message of "Tue, 08 Jan 2013 09:43:22 -0500") User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) X-MailScanner-ID: 1TsaUb-0000hA-6o MailScanner-NULL-Check: 1358261369.33896@X4YzzItPBPnLMQK8QZVrIw X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:69497 Archived-At: Ted Zlatanov writes: > It should default to nil (in other words, we'll ship 24.3 with the same > insecure behavior it has right now). But we can recommend to the users > to turn it on, and see how well it works in practice, and write the > necessary prompts and customization logic that Lars outlined. I think we should just leave things as is for 24.3, since it's too close to release, and fix this properly for 24.5. Instituting an option like that (which will have to be abandoned later) as a stop-gap I feel isn't all that helpful. I think. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/