GNU bug report logs -
#34145
27.0.50; Writing .authinfo needs better confirmation
Previous Next
Reported by: Michael Albinus <michael.albinus <at> gmx.de>
Date: Sun, 20 Jan 2019 10:52:02 UTC
Severity: wishlist
Tags: wontfix
Found in version 27.0.50
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 34145 in the body.
You can then email your comments to 34145 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34145; Package
emacs.
(Sun, 20 Jan 2019 10:52:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Michael Albinus <michael.albinus <at> gmx.de>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Sun, 20 Jan 2019 10:52:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
A Tramp user has reported recently, that writing a password into
.authinfo happened too easily, without proper confirmation
request. Granted, there was a `y-or-no-p' style question, but obviously
he has accepted w/o thinking too much. See
<http://lists.gnu.org/archive/html/help-gnu-emacs/2019-01/msg00054.html>.
Since this is sensible data, he proposes to make it harder to
confirm. `auth-source-netrc-saver' should offer an alternative
confirmation prompt, more like `yes-or-no-p'. Which prompt to apply
should be configurable.
In GNU Emacs 27.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.1)
of 2019-01-10 built on detlef
Repository revision: a2e78046f6b52e0a433ae6e1b9e6e5015f415412
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12001000
System Description: Ubuntu 18.10
Recent messages:
Composing main Info directory...done
Info-search: Search failed: "auth-source" [3 times]
Info-search: Search failed: "(auth)" [4 times]
No more unseen articles
Mark set
uncompressing 26476.gz...done
Parsing /home/albinus/.mailrc... done
Mark set [2 times]
Auto-saving...done
Mark set
Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS GLIB
NOTIFY INOTIFY ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF
XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM THREADS LCMS2 GMP
Important settings:
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: @im=none
locale-coding-system: utf-8
Major mode: Message
Minor modes in effect:
gnus-message-citation-mode: t
mml-mode: t
diff-auto-refine-mode: t
erc-notify-mode: t
erc-notifications-mode: t
display-time-mode: t
shell-dirtrack-mode: t
delete-selection-mode: t
icomplete-mode: t
show-paren-mode: t
tooltip-mode: t
global-eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
column-number-mode: t
line-number-mode: t
auto-fill-function: message-do-auto-fill
transient-mark-mode: t
abbrev-mode: t
Load-path shadows:
/home/albinus/src/elpa/packages/debbugs/debbugs-org hides /home/albinus/.emacs.d/elpa/debbugs-0.16/debbugs-org
/home/albinus/src/elpa/packages/debbugs/debbugs-gnu hides /home/albinus/.emacs.d/elpa/debbugs-0.16/debbugs-gnu
/home/albinus/src/elpa/packages/debbugs/debbugs hides /home/albinus/.emacs.d/elpa/debbugs-0.16/debbugs
/home/albinus/src/elpa/packages/debbugs/debbugs-autoloads hides /home/albinus/.emacs.d/elpa/debbugs-0.16/debbugs-autoloads
/home/albinus/src/elpa/packages/debbugs/debbugs-pkg hides /home/albinus/.emacs.d/elpa/debbugs-0.16/debbugs-pkg
/home/albinus/src/elpa/packages/debbugs/debbugs-browse hides /home/albinus/.emacs.d/elpa/debbugs-0.16/debbugs-browse
~/lisp/telepathy hides /home/albinus/.emacs.d/elpa/telepathy-20131209.1258/telepathy
/home/albinus/src/elpa/packages/tramp-theme/tramp-theme hides /home/albinus/.emacs.d/elpa/tramp-theme-0.2/tramp-theme
/home/albinus/src/elpa/packages/tramp-theme/tramp-theme-autoloads hides /home/albinus/.emacs.d/elpa/tramp-theme-0.2/tramp-theme-autoloads
/home/albinus/src/elpa/packages/tramp-theme/tramp-theme-pkg hides /home/albinus/.emacs.d/elpa/tramp-theme-0.2/tramp-theme-pkg
/home/albinus/src/tramp/lisp/tramp-smb hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-smb
/home/albinus/src/tramp/lisp/tramp-sudoedit hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-sudoedit
/home/albinus/src/tramp/lisp/tramp-uu hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-uu
/home/albinus/src/tramp/lisp/tramp-adb hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-adb
/home/albinus/src/tramp/lisp/tramp-compat hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-compat
/home/albinus/src/tramp/lisp/tramp-archive hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-archive
/home/albinus/src/tramp/lisp/tramp hides /usr/local/share/emacs/27.0.50/lisp/net/tramp
/home/albinus/src/tramp/lisp/trampver hides /usr/local/share/emacs/27.0.50/lisp/net/trampver
/home/albinus/src/tramp/lisp/tramp-rclone hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-rclone
/home/albinus/src/tramp/lisp/tramp-ftp hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-ftp
/home/albinus/src/tramp/lisp/tramp-cmds hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-cmds
/home/albinus/src/tramp/lisp/tramp-gvfs hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-gvfs
/home/albinus/src/tramp/lisp/tramp-loaddefs hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-loaddefs
~/lisp/dbus hides /usr/local/share/emacs/27.0.50/lisp/net/dbus
/home/albinus/src/tramp/lisp/tramp-sh hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-sh
/home/albinus/src/tramp/lisp/tramp-cache hides /usr/local/share/emacs/27.0.50/lisp/net/tramp-cache
Features:
(shadow warnings emacsbug nnir sort gnus-cite smiley url-util shr-color
color shr text-property-search svg dom browse-url mm-archive mail-extr
qp gnus-async gnus-bcklg cl-extra help-mode gnus-ml pop3 utf-7 nndraft
nnmh nnml gnutls network-stream nsm gnus-agent gnus-srvr gnus-score
score-mode nnvirtual gnus-msg gnus-art mm-uu mml2015 mm-view mml-smime
smime dig mailcap gnus-cache gnus-sum nnnil smtpmail sendmail gnus-demon
nntp gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail
mail-source utf7 netrc nnoo gnus-spec gnus-int gnus-range message rmc
puny rfc822 mml mml-sec epa derived epg mm-decode mm-bodies mm-encode
mail-parse rfc2231 mailabbrev gmm-utils mailheader gnus-win gnus
nnheader gnus-util rmail rmail-loaddefs rfc2047 rfc2045 ietf-drums
time-date mail-utils mm-util mail-prsvr wid-edit vc-git diff-mode
easy-mmode find-dired time-stamp misearch multi-isearch elec-pair vc
vc-dispatcher erc-notify erc-networks erc-desktop-notifications
erc-match notifications dbus xml erc-goodies erc erc-backend erc-compat
thingatpt pp erc-loaddefs cperl-mode time tramp-sh kubernetes-tramp
lxc-tramp lxd-tramp subr-x docker-tramp tramp-cache vagrant-tramp dash
term disp-table ehelp tramp tramp-loaddefs trampver tramp-compat
ucs-normalize shell pcomplete comint ansi-color ring parse-time
format-spec advice delsel ido jka-compr icomplete paren dired
dired-loaddefs mule-util edmacro kmacro rx slime-autoloads info
finder-inf package easymenu epg-config url-handlers url-parse
auth-source cl-seq eieio eieio-core cl-macs eieio-loaddefs
password-cache json map url-vars seq byte-opt gv bytecomp byte-compile
cconv cl-loaddefs cl-lib tooltip eldoc electric uniquify ediff-hook
vc-hooks lisp-float-type mwheel term/x-win x-win term/common-win x-dnd
tool-bar dnd fontset image regexp-opt fringe tabulated-list replace
newcomment text-mode elisp-mode lisp-mode prog-mode register page
menu-bar rfn-eshadow isearch timer select scroll-bar mouse jit-lock
font-lock syntax facemenu font-core term/tty-colors frame cl-generic
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote threads dbusbind
inotify lcms2 dynamic-setting system-font-setting font-render-setting
move-toolbar gtk x-toolkit x multi-tty make-network-process emacs)
Memory information:
((conses 16 451386 45305)
(symbols 48 38694 2)
(strings 32 100995 15379)
(string-bytes 1 3109604)
(vectors 16 58151)
(vector-slots 8 1009896 35382)
(floats 8 427 302)
(intervals 56 7248 270)
(buffers 992 33))
Severity set to 'wishlist' from 'normal'
Request was from
Michael Albinus <michael.albinus <at> gmx.de>
to
control <at> debbugs.gnu.org.
(Sun, 20 Jan 2019 10:54:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34145; Package
emacs.
(Wed, 09 Oct 2019 22:22:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 34145 <at> debbugs.gnu.org (full text, mbox):
Michael Albinus <michael.albinus <at> gmx.de> writes:
> A Tramp user has reported recently, that writing a password into
> .authinfo happened too easily, without proper confirmation
> request. Granted, there was a `y-or-no-p' style question, but obviously
> he has accepted w/o thinking too much. See
> <http://lists.gnu.org/archive/html/help-gnu-emacs/2019-01/msg00054.html>.
>
> Since this is sensible data, he proposes to make it harder to
> confirm. `auth-source-netrc-saver' should offer an alternative
> confirmation prompt, more like `yes-or-no-p'. Which prompt to apply
> should be configurable.
It's a multiple-choice thing:
(concat "(y)es, save\n"
"(n)o but use the info\n"
"(N)o and don't ask to save again\n"
"(e)dit the line\n"
"(?) for help as you can see.\n"))
So I don't think a yes-or-no-p-like action here is practical.
Anybody got an opinion?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34145; Package
emacs.
(Thu, 10 Oct 2019 05:27:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 34145 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
>> A Tramp user has reported recently, that writing a password into
>> .authinfo happened too easily, without proper confirmation
>> request. Granted, there was a `y-or-no-p' style question, but obviously
>> he has accepted w/o thinking too much. See
>> <http://lists.gnu.org/archive/html/help-gnu-emacs/2019-01/msg00054.html>.
>>
>> Since this is sensible data, he proposes to make it harder to
>> confirm. `auth-source-netrc-saver' should offer an alternative
>> confirmation prompt, more like `yes-or-no-p'. Which prompt to apply
>> should be configurable.
>
> It's a multiple-choice thing:
>
> (concat "(y)es, save\n"
> "(n)o but use the info\n"
> "(N)o and don't ask to save again\n"
> "(e)dit the line\n"
> "(?) for help as you can see.\n"))
>
> So I don't think a yes-or-no-p-like action here is practical.
>
> Anybody got an opinion?
Honestly, I'm undecided. The major idea of this request was to make it
harder to save a password string somewhere. Just a single ky is too easy.
To my taste, yes/no is sufficient. This choice does not need to ask,
whether the entered password shall be applied. It is obvious that it should.
Best regards, Michael.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34145; Package
emacs.
(Fri, 11 Oct 2019 07:38:01 GMT)
Full text and
rfc822 format available.
Message #16 received at 34145 <at> debbugs.gnu.org (full text, mbox):
Michael Albinus <michael.albinus <at> gmx.de> writes:
>> It's a multiple-choice thing:
>>
>> (concat "(y)es, save\n"
>> "(n)o but use the info\n"
>> "(N)o and don't ask to save again\n"
>> "(e)dit the line\n"
>> "(?) for help as you can see.\n"))
>>
>> So I don't think a yes-or-no-p-like action here is practical.
>>
>> Anybody got an opinion?
>
> Honestly, I'm undecided. The major idea of this request was to make it
> harder to save a password string somewhere. Just a single ky is too easy.
>
> To my taste, yes/no is sufficient. This choice does not need to ask,
> whether the entered password shall be applied. It is obvious that it should.
The password is always applied (i.e., used), but it can be saved, not
saved and don't ask again. And in addition you can edit the .authinfo
line. So I don't see yes-or-no-p working here.
It could add another "really save?" after you've answered "y", though,
but I think that sounds kinda obnoxious.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34145; Package
emacs.
(Fri, 11 Oct 2019 10:04:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 34145 <at> debbugs.gnu.org (full text, mbox):
Lars Ingebrigtsen <larsi <at> gnus.org> writes:
> The password is always applied (i.e., used), but it can be saved, not
> saved and don't ask again. And in addition you can edit the .authinfo
> line. So I don't see yes-or-no-p working here.
Ahh, you're right. So I don't have a better proposal.
Best regards, Michael.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#34145; Package
emacs.
(Sun, 13 Oct 2019 18:08:02 GMT)
Full text and
rfc822 format available.
Message #22 received at 34145 <at> debbugs.gnu.org (full text, mbox):
Michael Albinus <michael.albinus <at> gmx.de> writes:
>> The password is always applied (i.e., used), but it can be saved, not
>> saved and don't ask again. And in addition you can edit the .authinfo
>> line. So I don't see yes-or-no-p working here.
>
> Ahh, you're right. So I don't have a better proposal.
OK; closing.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) wontfix.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sun, 13 Oct 2019 18:08:02 GMT)
Full text and
rfc822 format available.
bug closed, send any further explanations to
34145 <at> debbugs.gnu.org and Michael Albinus <michael.albinus <at> gmx.de>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Sun, 13 Oct 2019 18:08:03 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 11 Nov 2019 12:24:10 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 167 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.