Received: (at submit) by debbugs.gnu.org; 13 Feb 2012 18:37:56 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 13 13:37:56 2012 Received: from localhost ([127.0.0.1]:39208 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1Rx0mi-0005cr-BD for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 13:37:56 -0500 Received: from eggs.gnu.org ([140.186.70.92]:37878) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <michael.albinus@HIDDEN>) id 1Rx0mg-0005cf-5c for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 13:37:54 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <michael.albinus@HIDDEN>) id 1Rx0l1-0007I3-T8 for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 13:36:17 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.2 Received: from lists.gnu.org ([140.186.70.17]:58280) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <michael.albinus@HIDDEN>) id 1Rx0l1-0007Hz-Re for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 13:36:11 -0500 Received: from eggs.gnu.org ([140.186.70.92]:33809) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <michael.albinus@HIDDEN>) id 1Rx0kx-0000bD-T2 for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 13:36:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <michael.albinus@HIDDEN>) id 1Rx0kq-0007Gt-NB for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 13:36:07 -0500 Received: from mailout-de.gmx.net ([213.165.64.22]:48963) by eggs.gnu.org with smtp (Exim 4.71) (envelope-from <michael.albinus@HIDDEN>) id 1Rx0kq-0007Gf-Db for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 13:36:00 -0500 Received: (qmail invoked by alias); 13 Feb 2012 18:35:58 -0000 Received: from p57BB965F.dip0.t-ipconnect.de (EHLO detlef.gmx.de) [87.187.150.95] by mail.gmx.net (mp040) with SMTP; 13 Feb 2012 19:35:58 +0100 X-Authenticated: #3708877 X-Provags-ID: V01U2FsdGVkX18P1ihRxbEPxlf46G4/ft6NMevCjAJn0QwVUhM5Gg HKXk7W+j2HGrh3 From: Michael Albinus <michael.albinus@HIDDEN> To: bug-gnu-emacs@HIDDEN Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN> <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> <87bopkgsb3.fsf@HIDDEN> <jwvfwev4v9t.fsf-monnier+emacs@HIDDEN> <87aa4m4oxj.fsf@HIDDEN> Date: Mon, 13 Feb 2012 19:35:46 +0100 In-Reply-To: <87aa4m4oxj.fsf@HIDDEN> (Ted Zlatanov's message of "Mon, 13 Feb 2012 12:35:04 -0500") Message-ID: <87obt21szh.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Y-GMX-Trusted: 0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.17 X-Spam-Score: -4.2 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -4.2 (----) Ted Zlatanov <tzz@HIDDEN> writes: > I don't think secrets.el has a probing function to decide if there's > something that can talk to us via the Secrets API. (ignore-errors (require 'secrets) secrets-enabled) > Ted Best regards, Michael.
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at submit) by debbugs.gnu.org; 13 Feb 2012 17:42:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 13 12:42:09 2012
Received: from localhost ([127.0.0.1]:39154 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1Rwzuh-0003Ol-TY
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:42:09 -0500
Received: from eggs.gnu.org ([140.186.70.92]:59433)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzuf-0003OG-2C
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:42:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzt2-00030a-MK
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:40:28 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD
autolearn=unavailable version=3.3.2
Received: from lists.gnu.org ([140.186.70.17]:60045)
by eggs.gnu.org with esmtp (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzt2-00030W-Ks
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:40:24 -0500
Received: from eggs.gnu.org ([140.186.70.92]:58008)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzst-0002fc-9N
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 12:40:24 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzsn-0002yj-9V
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 12:40:15 -0500
Received: from plane.gmane.org ([80.91.229.3]:51484)
by eggs.gnu.org with esmtp (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzsn-0002yZ-1i
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 12:40:09 -0500
Received: from list by plane.gmane.org with local (Exim 4.69)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzsh-0006vV-4e
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 18:40:03 +0100
Received: from c-76-28-40-19.hsd1.vt.comcast.net ([76.28.40.19])
by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
id 1AlnuQ-0007hv-00
for <bug-gnu-emacs@HIDDEN>; Mon, 13 Feb 2012 18:40:03 +0100
Received: from tzz by c-76-28-40-19.hsd1.vt.comcast.net with local (Gmexim 0.1
(Debian)) id 1AlnuQ-0007hv-00
for <bug-gnu-emacs@HIDDEN>; Mon, 13 Feb 2012 18:40:03 +0100
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: bug-gnu-emacs@HIDDEN
To: bug-gnu-emacs@HIDDEN
From: Ted Zlatanov <tzz@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Mon, 13 Feb 2012 12:38:54 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Lines: 28
Message-ID: <8762fa4or5.fsf@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN>
<jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> <87fwexduac.fsf@HIDDEN>
<87liooyvmj.fsf_-_@HIDDEN> <877h08gl1u.fsf@HIDDEN>
Mime-Version: 1.0
Content-Type: text/plain
X-Complaints-To: usenet@HIDDEN
X-Gmane-NNTP-Posting-Host: c-76-28-40-19.hsd1.vt.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.130002 (Ma Gnus v0.2) Emacs/24.0.93 (gnu/linux)
Cancel-Lock: sha1:qPDeXYfKkofkn1b4w7ycguTwUlE=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.17
X-Spam-Score: -4.2 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: bug-gnu-emacs@HIDDEN
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -4.2 (----)
On Tue, 31 Jan 2012 12:37:17 +0100 Michael Albinus <michael.albinus@HIDDEN> wrote:
MA> Ted Zlatanov <tzz@HIDDEN> writes:
>> As a default, it seems that storing the credential data in a temporary
>> in-memory auth-source backend *by default* is the best solution.
MA> You use already password-cache.el in auth-source.el. It could be made
MA> public by allowing a :cache entry in `auth-sources'.
OK.
>> Then on exit or on `auth-source-save', if there is something in the
>> in-memory backend, we can ask the user if he wants to save the passwords
>> and where, with all the consequent UI choices. The user can pick a
>> plain file, or a plain file with password tokens, or a GPG-encrypted
>> file (with or without external support), or the platform's keychain
>> service, if available. At that time the UI can modify `auth-sources'
>> for the user.
MA> Too complicate. If a user decides for cached passwords, she shouldn't be
MA> asked for saving. It is convenient enough to enter a password only once
MA> during a session.
I'm not convinced but it does make sense, and would make the experience
simpler for the user. I've asked on the Gnus mailing list for opinions
and anyone interested can post them here too.
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at submit) by debbugs.gnu.org; 13 Feb 2012 17:37:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 13 12:37:17 2012
Received: from localhost ([127.0.0.1]:39146 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1Rwzq0-0003G1-Op
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:37:17 -0500
Received: from eggs.gnu.org ([140.186.70.92]:40111)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzpx-0003Fm-Q3
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:37:15 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RwzoJ-000258-OG
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:35:37 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD
autolearn=unavailable version=3.3.2
Received: from lists.gnu.org ([140.186.70.17]:34941)
by eggs.gnu.org with esmtp (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RwzoJ-000254-Me
for submit <at> debbugs.gnu.org; Mon, 13 Feb 2012 12:35:31 -0500
Received: from eggs.gnu.org ([140.186.70.92]:43069)
by lists.gnu.org with esmtp (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RwzoD-0001su-Pl
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 12:35:31 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzo4-00023e-7s
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 12:35:25 -0500
Received: from plane.gmane.org ([80.91.229.3]:50837)
by eggs.gnu.org with esmtp (Exim 4.71)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzo4-00023a-0G
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 12:35:16 -0500
Received: from list by plane.gmane.org with local (Exim 4.69)
(envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1Rwzo2-00026L-1a
for bug-gnu-emacs@HIDDEN; Mon, 13 Feb 2012 18:35:14 +0100
Received: from c-76-28-40-19.hsd1.vt.comcast.net ([76.28.40.19])
by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
id 1AlnuQ-0007hv-00
for <bug-gnu-emacs@HIDDEN>; Mon, 13 Feb 2012 18:35:14 +0100
Received: from tzz by c-76-28-40-19.hsd1.vt.comcast.net with local (Gmexim 0.1
(Debian)) id 1AlnuQ-0007hv-00
for <bug-gnu-emacs@HIDDEN>; Mon, 13 Feb 2012 18:35:14 +0100
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: bug-gnu-emacs@HIDDEN
To: bug-gnu-emacs@HIDDEN
From: Ted Zlatanov <tzz@HIDDEN>
Subject: Re: bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg
Date: Mon, 13 Feb 2012 12:35:04 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Lines: 35
Message-ID: <87aa4m4oxj.fsf@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN>
<jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> <87bopkgsb3.fsf@HIDDEN>
<jwvfwev4v9t.fsf-monnier+emacs@HIDDEN>
Mime-Version: 1.0
Content-Type: text/plain
X-Complaints-To: usenet@HIDDEN
X-Gmane-NNTP-Posting-Host: c-76-28-40-19.hsd1.vt.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.130002 (Ma Gnus v0.2) Emacs/24.0.93 (gnu/linux)
Cancel-Lock: sha1:kdlJmbZ/DlooaHAT5bpiUBDGnks=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.17
X-Spam-Score: -4.2 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
Reply-To: bug-gnu-emacs@HIDDEN
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -4.2 (----)
On Tue, 31 Jan 2012 12:51:48 -0500 Stefan Monnier <monnier@HIDDEN> wrote:
>>>> Or does (say) OS X (or Ubuntu) start a key chain when you log in, and
>>>> then Thunderbird consults that when it connects to the IMAP server?
>>> Exactly. So, yes, I want Emacs to support the system's keychain tool,
>>> since it's the right solution for the job.
>> auth-sources.el supports already secrets.el, which is an interface to
>> Gnome keyring and KWallet, respectively.
SM> So that's what we should use by default when available.
I don't think secrets.el has a probing function to decide if there's
something that can talk to us via the Secrets API. If that was
possible, we could make it the first choice. But I'm concerned that
then we *automatically* pick one solution for some users and another for
others, and I'm going to have to support that.
On Mac OS X, I would really like to use the system keychain. But the
bindings were never finished and I don't know enough to do it myself.
>> The problem is, that there is no default under which name a password is
>> stored there. Every application seems to use its own naming scheme.
SM> While it is probably a problem for users, I don't think it's a problem
SM> for Emacs: it just means that the password you store with one
SM> application won't automatically work in some other application when
SM> accessing the same service on the same host.
I chose to use the netrc/authinfo format to be compatible with other
applications; I could have used something much more capable otherwise.
Similarly for keychains I think we should try to be consistent with
Firefox and Chrome, at least for HTTP/HTTPS and probably in general.
Compatibility with those applications is a big benefit to our users.
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at submit) by debbugs.gnu.org; 3 Feb 2012 17:15:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 03 12:15:10 2012 Received: from localhost ([127.0.0.1]:52513 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RtMj8-0006Xy-Jv for submit <at> debbugs.gnu.org; Fri, 03 Feb 2012 12:15:10 -0500 Received: from eggs.gnu.org ([140.186.70.92]:53800) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMj5-0006Xm-Ms for submit <at> debbugs.gnu.org; Fri, 03 Feb 2012 12:15:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMiN-0007xk-A3 for submit <at> debbugs.gnu.org; Fri, 03 Feb 2012 12:14:28 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, T_RP_MATCHES_RCVD autolearn=unavailable version=3.3.2 Received: from lists.gnu.org ([140.186.70.17]:39856) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMiN-0007xa-8G for submit <at> debbugs.gnu.org; Fri, 03 Feb 2012 12:14:23 -0500 Received: from eggs.gnu.org ([140.186.70.92]:50095) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMiJ-0008NI-Co for bug-gnu-emacs@HIDDEN; Fri, 03 Feb 2012 12:14:23 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMiD-0007v8-JA for bug-gnu-emacs@HIDDEN; Fri, 03 Feb 2012 12:14:19 -0500 Received: from plane.gmane.org ([80.91.229.3]:56675) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMiD-0007ux-Ak for bug-gnu-emacs@HIDDEN; Fri, 03 Feb 2012 12:14:13 -0500 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RtMiA-0001O9-04 for bug-gnu-emacs@HIDDEN; Fri, 03 Feb 2012 18:14:10 +0100 Received: from c-71-237-25-24.hsd1.co.comcast.net ([71.237.25.24]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <bug-gnu-emacs@HIDDEN>; Fri, 03 Feb 2012 18:14:09 +0100 Received: from kevin.d.rodgers by c-71-237-25-24.hsd1.co.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <bug-gnu-emacs@HIDDEN>; Fri, 03 Feb 2012 18:14:09 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: bug-gnu-emacs@HIDDEN From: Kevin Rodgers <kevin.d.rodgers@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg Date: Fri, 03 Feb 2012 10:14:56 -0700 Lines: 12 Message-ID: <jgh4kn$fiu$1@HIDDEN> References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <87fwexduac.fsf@HIDDEN> <874nvc8io2.fsf@HIDDEN> <877h083x0q.fsf@HIDDEN> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@HIDDEN X-Gmane-NNTP-Posting-Host: c-71-237-25-24.hsd1.co.comcast.net User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.26) Gecko/20120129 Thunderbird/3.1.18 In-Reply-To: <877h083x0q.fsf@HIDDEN> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.17 X-Spam-Score: -4.2 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -4.2 (----) On 1/31/12 4:57 AM, Lars Ingebrigtsen wrote: > Chong Yidong<cyd@HIDDEN> writes: > >> Or we could rot13 it ;-) > > For extra security: Double rot13. To fully support the Unicode BMP: rot32768 -- Kevin Rodgers Denver, Colorado, USA
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 31 Jan 2012 17:52:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 31 12:52:08 2012
Received: from localhost ([127.0.0.1]:47502 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RsHsG-0008J8-Gn
for submit <at> debbugs.gnu.org; Tue, 31 Jan 2012 12:52:08 -0500
Received: from chene.dit.umontreal.ca ([132.204.246.20]:60393)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <monnier@HIDDEN>) id 1RsHsE-0008J1-9Y
for 9113 <at> debbugs.gnu.org; Tue, 31 Jan 2012 12:52:06 -0500
Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca
[132.204.27.242])
by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id q0VHpmcH029214;
Tue, 31 Jan 2012 12:51:48 -0500
Received: by faina.iro.umontreal.ca (Postfix, from userid 20848)
id 94E68B4168; Tue, 31 Jan 2012 12:51:48 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Michael Albinus <michael.albinus@HIDDEN>
Subject: Re: bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg
Message-ID: <jwvfwev4v9t.fsf-monnier+emacs@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN>
<jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> <87bopkgsb3.fsf@HIDDEN>
Date: Tue, 31 Jan 2012 12:51:48 -0500
In-Reply-To: <87bopkgsb3.fsf@HIDDEN> (Michael Albinus's message of "Tue, 31
Jan 2012 10:00:32 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0
X-NAI-Spam-Rules: 1 Rules triggered
RV4118=0
X-NAI-Spam-Version: 2.2.0.9309 : core <4118> : streams <724590> : uri <1057267>
X-Spam-Score: -3.5 (---)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi@HIDDEN>,
Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -3.5 (---)
>>> Or does (say) OS X (or Ubuntu) start a key chain when you log in, and
>>> then Thunderbird consults that when it connects to the IMAP server?
>> Exactly. So, yes, I want Emacs to support the system's keychain tool,
>> since it's the right solution for the job.
> auth-sources.el supports already secrets.el, which is an interface to
> Gnome keyring and KWallet, respectively.
So that's what we should use by default when available.
> The problem is, that there is no default under which name a password is
> stored there. Every application seems to use its own naming scheme.
While it is probably a problem for users, I don't think it's a problem
for Emacs: it just means that the password you store with one
application won't automatically work in some other application when
accessing the same service on the same host.
Stefan
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 31 Jan 2012 11:57:43 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 31 06:57:43 2012 Received: from localhost ([127.0.0.1]:46439 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RsCLH-0005Dv-5f for submit <at> debbugs.gnu.org; Tue, 31 Jan 2012 06:57:43 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:43151) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RsCLB-0005DX-Is for 9113 <at> debbugs.gnu.org; Tue, 31 Jan 2012 06:57:39 -0500 Received: from 93-41-188-50.ip82.fastwebnet.it ([93.41.188.50] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RsCKm-0001yT-2N; Tue, 31 Jan 2012 12:57:12 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: Chong Yidong <cyd@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <87fwexduac.fsf@HIDDEN> <874nvc8io2.fsf@HIDDEN> Date: Tue, 31 Jan 2012 12:57:09 +0100 In-Reply-To: <874nvc8io2.fsf@HIDDEN> (Chong Yidong's message of "Tue, 31 Jan 2012 14:55:57 +0800") Message-ID: <877h083x0q.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1RsCKm-0001yT-2N X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328615832.36339@wEl0S5/G4YjECbTR65T0vA X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Chong Yidong <cyd@HIDDEN> writes: > Or we could rot13 it ;-) For extra security: Double rot13. -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 31 Jan 2012 11:37:57 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 31 06:37:57 2012 Received: from localhost ([127.0.0.1]:46372 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RsC24-0004jT-Ky for submit <at> debbugs.gnu.org; Tue, 31 Jan 2012 06:37:55 -0500 Received: from mailout-de.gmx.net ([213.165.64.23]:34286) by debbugs.gnu.org with smtp (Exim 4.72) (envelope-from <michael.albinus@HIDDEN>) id 1RsC1z-0004jE-LG for 9113 <at> debbugs.gnu.org; Tue, 31 Jan 2012 06:37:49 -0500 Received: (qmail invoked by alias); 31 Jan 2012 11:37:25 -0000 Received: from p57BB95C8.dip0.t-ipconnect.de (EHLO detlef.gmx.de) [87.187.149.200] by mail.gmx.net (mp031) with SMTP; 31 Jan 2012 12:37:25 +0100 X-Authenticated: #3708877 X-Provags-ID: V01U2FsdGVkX1/aVy8ZmODaH3rPrsYwU7q3srT9tpsmfyHcE1bu1t 3VdKCsuz7h4pQc From: Michael Albinus <michael.albinus@HIDDEN> To: Lars Ingebrigtsen <larsi@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN> <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> <87fwexduac.fsf@HIDDEN> <87liooyvmj.fsf_-_@HIDDEN> Date: Tue, 31 Jan 2012 12:37:17 +0100 In-Reply-To: <87liooyvmj.fsf_-_@HIDDEN> (Ted Zlatanov's message of "Tue, 31 Jan 2012 06:11:32 -0500") Message-ID: <877h08gl1u.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Y-GMX-Trusted: 0 X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>, Chong Yidong <cyd@HIDDEN>, Stefan Monnier <monnier@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Ted Zlatanov <tzz@HIDDEN> writes: > As a default, it seems that storing the credential data in a temporary > in-memory auth-source backend *by default* is the best solution. You use already password-cache.el in auth-source.el. It could be made public by allowing a :cache entry in `auth-sources'. > Then on exit or on `auth-source-save', if there is something in the > in-memory backend, we can ask the user if he wants to save the passwords > and where, with all the consequent UI choices. The user can pick a > plain file, or a plain file with password tokens, or a GPG-encrypted > file (with or without external support), or the platform's keychain > service, if available. At that time the UI can modify `auth-sources' > for the user. Too complicate. If a user decides for cached passwords, she shouldn't be asked for saving. It is convenient enough to enter a password only once during a session. > Ted Best regards, Michael.
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 31 Jan 2012 11:11:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 31 06:11:58 2012
Received: from localhost ([127.0.0.1]:46361 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RsBcx-0003IM-FF
for submit <at> debbugs.gnu.org; Tue, 31 Jan 2012 06:11:58 -0500
Received: from z.lifelogs.com ([173.255.230.239]:36829)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <tzz@HIDDEN>) id 1RsBcr-0003IB-Tf
for 9113 <at> debbugs.gnu.org; Tue, 31 Jan 2012 06:11:54 -0500
Received: from heechee (c-76-28-40-19.hsd1.vt.comcast.net [76.28.40.19])
(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested) (Authenticated sender: tzz)
by z.lifelogs.com (Postfix) with ESMTPSA id 297DE7E205;
Tue, 31 Jan 2012 11:11:33 +0000 (UTC)
From: Ted Zlatanov <tzz@HIDDEN>
To: Lars Ingebrigtsen <larsi@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <87mxgcffq1.fsf@HIDDEN> <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN>
<jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> <87fwexduac.fsf@HIDDEN>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Tue, 31 Jan 2012 06:11:32 -0500
In-Reply-To: <87fwexduac.fsf@HIDDEN> (Lars Ingebrigtsen's message of "Mon,
30 Jan 2012 17:33:47 +0100, Tue, 31 Jan 2012 14:55:57 +0800, Mon, 30
Jan 2012 17:36:51 +0100, Mon, 30 Jan 2012 17:18:30 -0500, Tue, 31 Jan
2012 10:00:32 +0100, Mon, 30 Jan 2012 23:21:19 +0100")
Message-ID: <87liooyvmj.fsf_-_@HIDDEN>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: Chong Yidong <cyd@HIDDEN>, Roland Winkler <winkler@HIDDEN>,
9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>,
Michael Albinus <michael.albinus@HIDDEN>,
Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
On Mon, 30 Jan 2012 17:33:47 +0100 Lars Ingebrigtsen <larsi@HIDDEN> wrote:
LI> Ted Zlatanov <tzz@HIDDEN> writes:
>> The encryption doesn't have to be strong. It could use a well-known
>> secret that the user can override, rather than an actual passphrase, and
>> then no questions will be asked.
LI> Sure. This is what Firefox (etc.) does, and (most) people seem to be
LI> satisfied with that. On the other hand, this is just obscuring the
LI> passwords, so the difference between this and, say,
LI> machine smtp.gmail.com user foo password base64:c2VjcmV0
LI> isn't huge. (I mean, it is a real difference, but I'm not quite sure
LI> whether it's a difference with a distinction. :-)
LI> So perhaps auth-source should just base64-encode password tokens by
LI> default for Emacs 24.1? That would give the users less of an "EEK"
LI> feeling if they're looking at this file, and somebody is looking over
LI> their shoulders...
On Tue, 31 Jan 2012 14:55:57 +0800 Chong Yidong <cyd@HIDDEN> wrote:
CY> Or we could rot13 it ;-)
Base64 or ROT-13 would make the encryption trivial to crack *and* would
make the tokens unusable by other programs. I don't think it's a good
compromise.
On Tue, 31 Jan 2012 10:00:32 +0100 Michael Albinus <michael.albinus@HIDDEN> wrote:
MA> The problem is, that there is no default under which name a password
MA> is stored [in the Secrets API]. Evrery application seems to use its
MA> own naming scheme.
We can probably work around that. I'm more concerned that there is no
standard keychain for GNU/Linux or W32. These are completely optional
services, up to the administrator and the user to install and activate.
On most server machines, for instance, you won't find a desktop
environment with a keychain or a GPG agent, although you may find a SSH
agent. This solution is guaranteed to work only for Mac OS X.
On Mon, 30 Jan 2012 23:21:19 +0100 Lars Ingebrigtsen <larsi@HIDDEN> wrote:
LI> Stefan Monnier <monnier@HIDDEN> writes:
>> Exactly. So, yes, I want Emacs to support the system's keychain tool,
>> since it's the right solution for the job.
LI> If that's possible, then it would indeed be a lot better than stashing
LI> the credentials in a file.
I'm not convinced it's better, see above. In addition, it's hardly
portable: how would the user take his credentials to another machine?
Another platform? It seems like a lock-in situation which I am not keen
to impose on our users.
As a default, it seems that storing the credential data in a temporary
in-memory auth-source backend *by default* is the best solution.
Then on exit or on `auth-source-save', if there is something in the
in-memory backend, we can ask the user if he wants to save the passwords
and where, with all the consequent UI choices. The user can pick a
plain file, or a plain file with password tokens, or a GPG-encrypted
file (with or without external support), or the platform's keychain
service, if available. At that time the UI can modify `auth-sources'
for the user.
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 31 Jan 2012 09:01:04 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 31 04:01:04 2012 Received: from localhost ([127.0.0.1]:46310 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1Rs9aH-0000LD-Jo for submit <at> debbugs.gnu.org; Tue, 31 Jan 2012 04:01:03 -0500 Received: from mailout-de.gmx.net ([213.165.64.22]:49647) by debbugs.gnu.org with smtp (Exim 4.72) (envelope-from <michael.albinus@HIDDEN>) id 1Rs9aD-0000Kw-IR for 9113 <at> debbugs.gnu.org; Tue, 31 Jan 2012 04:00:59 -0500 Received: (qmail invoked by alias); 31 Jan 2012 09:00:36 -0000 Received: from p57BB95C8.dip0.t-ipconnect.de (EHLO detlef.gmx.de) [87.187.149.200] by mail.gmx.net (mp038) with SMTP; 31 Jan 2012 10:00:36 +0100 X-Authenticated: #3708877 X-Provags-ID: V01U2FsdGVkX1+GIpYAIyiGkowpPxLZl3lsRlTjxA2aTzF9nnRrU0 3FYslAMVc9opkL From: Michael Albinus <michael.albinus@HIDDEN> To: Stefan Monnier <monnier@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN> <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> Date: Tue, 31 Jan 2012 10:00:32 +0100 In-Reply-To: <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> (Stefan Monnier's message of "Mon, 30 Jan 2012 17:18:30 -0500") Message-ID: <87bopkgsb3.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Y-GMX-Trusted: 0 X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi@HIDDEN>, Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Stefan Monnier <monnier@HIDDEN> writes: >> Or does (say) OS X (or Ubuntu) start a key chain when you log in, and >> then Thunderbird consults that when it connects to the IMAP server? > > Exactly. So, yes, I want Emacs to support the system's keychain tool, > since it's the right solution for the job. auth-sources.el supports already secrets.el, which is an interface to Gnome keyring and KWallet, respectively. The problem is, that there is no default under which name a password is stored there. Evrery application seems to use its own naming scheme. > Stefan Best regards, Michael.
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 31 Jan 2012 06:56:31 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 31 01:56:31 2012 Received: from localhost ([127.0.0.1]:46219 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1Rs7di-0004MO-Ga for submit <at> debbugs.gnu.org; Tue, 31 Jan 2012 01:56:31 -0500 Received: from fencepost.gnu.org ([140.186.70.10]:41925 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <cyd@HIDDEN>) id 1Rs7dc-0004ME-Sz for 9113 <at> debbugs.gnu.org; Tue, 31 Jan 2012 01:56:25 -0500 Received: from [155.69.16.255] (port=1079 helo=furball) by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from <cyd@HIDDEN>) id 1Rs7dN-0005VH-0o; Tue, 31 Jan 2012 01:56:05 -0500 From: Chong Yidong <cyd@HIDDEN> To: Lars Ingebrigtsen <larsi@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <87fwexduac.fsf@HIDDEN> Date: Tue, 31 Jan 2012 14:55:57 +0800 In-Reply-To: <87fwexduac.fsf@HIDDEN> (Lars Ingebrigtsen's message of "Mon, 30 Jan 2012 17:33:47 +0100") Message-ID: <874nvc8io2.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.93 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -4.2 (----) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -4.2 (----) Lars Ingebrigtsen <larsi@HIDDEN> writes: > So perhaps auth-source should just base64-encode password tokens by > default for Emacs 24.1? That would give the users less of an "EEK" > feeling if they're looking at this file, and somebody is looking over > their shoulders... Or we could rot13 it ;-)
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 30 Jan 2012 22:21:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 30 17:21:47 2012 Received: from localhost ([127.0.0.1]:45726 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1Rrzbf-0006xG-41 for submit <at> debbugs.gnu.org; Mon, 30 Jan 2012 17:21:47 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:53388) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RrzbY-0006x0-IX for 9113 <at> debbugs.gnu.org; Mon, 30 Jan 2012 17:21:45 -0500 Received: from 93-41-188-50.ip82.fastwebnet.it ([93.41.188.50] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RrzbF-0001rt-Ej; Mon, 30 Jan 2012 23:21:21 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: Stefan Monnier <monnier@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN> <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> Date: Mon, 30 Jan 2012 23:21:19 +0100 In-Reply-To: <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN> (Stefan Monnier's message of "Mon, 30 Jan 2012 17:18:30 -0500") Message-ID: <877h08bzmo.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1RrzbF-0001rt-Ej X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328566882.16109@3ULn0Zj3H1J3dJhAnzJvbg X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Stefan Monnier <monnier@HIDDEN> writes: > Exactly. So, yes, I want Emacs to support the system's keychain tool, > since it's the right solution for the job. If that's possible, then it would indeed be a lot better than stashing the credentials in a file. -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 30 Jan 2012 22:18:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 30 17:18:49 2012
Received: from localhost ([127.0.0.1]:45722 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RrzYi-0006so-DJ
for submit <at> debbugs.gnu.org; Mon, 30 Jan 2012 17:18:49 -0500
Received: from chene.dit.umontreal.ca ([132.204.246.20]:57371)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <monnier@HIDDEN>) id 1RrzYh-0006sg-0f
for 9113 <at> debbugs.gnu.org; Mon, 30 Jan 2012 17:18:43 -0500
Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca
[132.204.27.242])
by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id q0UMIUMR016170;
Mon, 30 Jan 2012 17:18:30 -0500
Received: by faina.iro.umontreal.ca (Postfix, from userid 20848)
id 2C7B6B4431; Mon, 30 Jan 2012 17:18:30 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Lars Ingebrigtsen <larsi@HIDDEN>
Subject: Re: bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg
Message-ID: <jwvr4yg4yyh.fsf-monnier+emacs@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> <87bopldu58.fsf@HIDDEN>
Date: Mon, 30 Jan 2012 17:18:30 -0500
In-Reply-To: <87bopldu58.fsf@HIDDEN> (Lars Ingebrigtsen's message of "Mon,
30 Jan 2012 17:36:51 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0.2
X-NAI-Spam-Rules: 2 Rules triggered
GEN_SPAM_FEATRE=0.2, RV4117=0
X-NAI-Spam-Version: 2.2.0.9309 : core <4117> : streams <724360> : uri <1056756>
X-Spam-Score: -3.5 (---)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>,
Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -3.5 (---)
> Or does (say) OS X (or Ubuntu) start a key chain when you log in, and
> then Thunderbird consults that when it connects to the IMAP server?
Exactly. So, yes, I want Emacs to support the system's keychain tool,
since it's the right solution for the job.
Stefan
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 30 Jan 2012 18:50:13 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 30 13:50:13 2012 Received: from localhost ([127.0.0.1]:45556 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RrwIv-0001Ct-Iz for submit <at> debbugs.gnu.org; Mon, 30 Jan 2012 13:50:13 -0500 Received: from fencepost.gnu.org ([140.186.70.10]:57601 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <winkler@HIDDEN>) id 1RrwIt-0001Cm-4s for 9113 <at> debbugs.gnu.org; Mon, 30 Jan 2012 13:50:11 -0500 Received: from 82.red-80-32-229.staticip.rima-tde.net ([80.32.229.82]:42534 helo=regnitz) by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from <winkler@HIDDEN>) id 1RrwIf-0002ib-CZ; Mon, 30 Jan 2012 13:49:59 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <20262.58933.279312.27746@HIDDEN> Date: Mon, 30 Jan 2012 12:49:25 -0600 From: "Roland Winkler" <winkler@HIDDEN> To: Lars Ingebrigtsen <larsi@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg In-Reply-To: <87y5spdv0k.fsf@HIDDEN> References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <20259.46649.66744.396059@HIDDEN> <877h0bveaq.fsf@HIDDEN> <20260.19768.553254.135471@HIDDEN> <87y5spdv0k.fsf@HIDDEN> X-Mailer: VM 8.2 trial under 24.0.93.1 (x86_64-unknown-linux-gnu) X-Spam-Score: -4.2 (----) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Ted Zlatanov <tzz@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -4.2 (----) On Mon Jan 30 2012 Lars Ingebrigtsen wrote: > Anyway, having to enter a password for (say) sending email, even if your > SMTP server isn't password-protected (as you have to do with > .authinfo.gpg) isn't particularly ideal. Again, it appears to me that such a problem could be solved completely differently. Why couldn't one tell auth-source (say, via a user variable) for which cases it can find a password in .authinfo(.gpg)? Or the other way round: a user variable telling authinfo for which cases it should not seek a password in .authinfo(.gpg)? Or various variations of such a solution... I'd guess that any solution dealing with .authinfo(.gpg) even when this file is not required is asking for trouble in one or the other way. Roland
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 30 Jan 2012 16:39:54 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 30 11:39:54 2012 Received: from localhost ([127.0.0.1]:45415 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RruGn-0006Ye-Hj for submit <at> debbugs.gnu.org; Mon, 30 Jan 2012 11:39:54 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:57311) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RruGm-0006YX-6T for 9113 <at> debbugs.gnu.org; Mon, 30 Jan 2012 11:39:53 -0500 Received: from 93-41-188-50.ip82.fastwebnet.it ([93.41.188.50] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RruDt-00018d-Un; Mon, 30 Jan 2012 17:36:54 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: Stefan Monnier <monnier@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> Date: Mon, 30 Jan 2012 17:36:51 +0100 In-Reply-To: <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN> (Stefan Monnier's message of "Thu, 26 Jan 2012 16:41:19 -0500") Message-ID: <87bopldu58.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1RruDt-00018d-Un X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328546215.42914@PrQvQzdK17SzQ1laUJxa/Q X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Stefan Monnier <monnier@HIDDEN> writes: > I don't know about you, but I don't let Firefox store my mailbox's > password. I have a lot of passwords stored in Firefox's database, but > they're all things I don't really care about (e.g. passwords to log into > some stupid web-forums). I think it's fairly normal to let your mail reader store your email password. So replace Firefox with Thunderbird or Mail.app, and the passwords will (again) be unencrypted, I think? Or does (say) OS X (or Ubuntu) start a key chain when you log in, and then Thunderbird consults that when it connects to the IMAP server? -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 30 Jan 2012 16:35:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 30 11:35:47 2012 Received: from localhost ([127.0.0.1]:45411 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RruCo-0006T4-Jg for submit <at> debbugs.gnu.org; Mon, 30 Jan 2012 11:35:47 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:53791) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RruCm-0006Sx-JH for 9113 <at> debbugs.gnu.org; Mon, 30 Jan 2012 11:35:45 -0500 Received: from 93-41-188-50.ip82.fastwebnet.it ([93.41.188.50] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RruAv-0008Vl-LM; Mon, 30 Jan 2012 17:33:49 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: Achim Gratz <Stromeko@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> Date: Mon, 30 Jan 2012 17:33:47 +0100 In-Reply-To: <87bopq6xng.fsf@HIDDEN> (Ted Zlatanov's message of "Thu, 26 Jan 2012 14:01:39 -0600") Message-ID: <87fwexduac.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1RruAv-0008Vl-LM X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328546030.80862@BIRNZdyiChj3CnNl7ZABWQ X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Ted Zlatanov <tzz@HIDDEN> writes: > The encryption doesn't have to be strong. It could use a well-known > secret that the user can override, rather than an actual passphrase, and > then no questions will be asked. Sure. This is what Firefox (etc.) does, and (most) people seem to be satisfied with that. On the other hand, this is just obscuring the passwords, so the difference between this and, say, machine smtp.gmail.com user foo password base64:c2VjcmV0 isn't huge. (I mean, it is a real difference, but I'm not quite sure whether it's a difference with a distinction. :-) So perhaps auth-source should just base64-encode password tokens by default for Emacs 24.1? That would give the users less of an "EEK" feeling if they're looking at this file, and somebody is looking over their shoulders... -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 30 Jan 2012 16:18:31 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 30 11:18:31 2012 Received: from localhost ([127.0.0.1]:45394 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1Rrtw6-0005zB-A8 for submit <at> debbugs.gnu.org; Mon, 30 Jan 2012 11:18:30 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:48928) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1Rrtw2-0005z2-HV for 9113 <at> debbugs.gnu.org; Mon, 30 Jan 2012 11:18:28 -0500 Received: from 93-41-188-50.ip82.fastwebnet.it ([93.41.188.50] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1Rrtvi-0007nB-0H; Mon, 30 Jan 2012 17:18:06 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: "Roland Winkler" <winkler@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <20259.46649.66744.396059@HIDDEN> <877h0bveaq.fsf@HIDDEN> <20260.19768.553254.135471@HIDDEN> Date: Mon, 30 Jan 2012 17:18:03 +0100 In-Reply-To: <20260.19768.553254.135471@HIDDEN> (Roland Winkler's message of "Sat, 28 Jan 2012 13:32:08 -0600") Message-ID: <87y5spdv0k.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Rrtvi-0007nB-0H X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328545086.32235@721grmwwMNMcs8YfR3GYYw X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Ted Zlatanov <tzz@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) "Roland Winkler" <winkler@HIDDEN> writes: > But then it appears to me that elsewhere there is a problem: > > Why is it necessary that Emacs reads this file three gazillion > times? I would assume: reading the encrypted file once and holding > the content in memory cannot be more unsecure than storing the > sensitive information in an unencrypted file. Yes, that's more secure. Now that you mention it, perhaps we did fix the aggressive password prompting? I seem to remember adding a cache at some point... Anyway, having to enter a password for (say) sending email, even if your SMTP server isn't password-protected (as you have to do with .authinfo.gpg) isn't particularly ideal. So I think the .authinfo.gpg concept isn't a good thing. (But encrypting tokens in the .authinfo file might be.) And perhaps the password token in .authinfo should always be obscured, at least, to avoid accidentally spilling the passwords (visually) if you do a grep .* or something. (This is what all the other password-hoarding applications like Firefox, Chrome, etc do by default.) -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 29 Jan 2012 09:50:41 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jan 29 04:50:40 2012 Received: from localhost ([127.0.0.1]:42967 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RrRPE-0006GG-BQ for submit <at> debbugs.gnu.org; Sun, 29 Jan 2012 04:50:40 -0500 Received: from www10194u.sakura.ne.jp ([182.48.42.232]:32931) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <ueno@HIDDEN>) id 1RrRPA-0006G6-W1 for 9113 <at> debbugs.gnu.org; Sun, 29 Jan 2012 04:50:38 -0500 Message-ID: <87vcnuon1c.fsf-ueno@HIDDEN> From: Daiki Ueno <ueno@HIDDEN> To: 9113 <at> debbugs.gnu.org Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> <87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN> <m3ty3hkjbf.fsf-ueno@HIDDEN> <878vkt3yiv.fsf_-_@HIDDEN> Date: Sun, 29 Jan 2012 18:50:23 +0900 In-Reply-To: <878vkt3yiv.fsf_-_@HIDDEN> (Ted Zlatanov's message of "Fri, 27 Jan 2012 10:23:20 -0600") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 0.6 (/) X-Debbugs-Envelope-To: 9113 Cc: Lars Ingebrigtsen <larsi@HIDDEN>, Achim Gratz <Stromeko@HIDDEN>, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Ted Zlatanov <tzz@HIDDEN> writes: > I think we'll need something on top of EPA/EPG if we support OpenPGP > packets with libnettle, I don't think it is a good idea to expose full cryptographic functions in libnettle into Elisp, simply because there is no real use-case for them except auth-source. If you really want them and you think your problem can only be solved with that approach, I would rather suggest to add gpg-encrypt-simple and gpg-decrypt-simple in C level, which generates OpenPGP packets but only supports single fixed algorithm and parameters. So, anyway, this topic is not quite relevant to EPA/EPG from my standpoint. Regards, -- Daiki Ueno
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 28 Jan 2012 19:33:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 28 14:33:09 2012 Received: from localhost ([127.0.0.1]:48538 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RrE1N-0003hu-Dq for submit <at> debbugs.gnu.org; Sat, 28 Jan 2012 14:33:09 -0500 Received: from fencepost.gnu.org ([140.186.70.10]:49100 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <winkler@HIDDEN>) id 1RrE1K-0003hn-P6 for 9113 <at> debbugs.gnu.org; Sat, 28 Jan 2012 14:33:07 -0500 Received: from 82.red-80-32-229.staticip.rima-tde.net ([80.32.229.82]:39265 helo=regnitz) by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from <winkler@HIDDEN>) id 1RrE0Y-0002fm-69; Sat, 28 Jan 2012 14:32:20 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <20260.19768.553254.135471@HIDDEN> Date: Sat, 28 Jan 2012 13:32:08 -0600 From: "Roland Winkler" <winkler@HIDDEN> To: Lars Ingebrigtsen <larsi@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg In-Reply-To: <877h0bveaq.fsf@HIDDEN> References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <20259.46649.66744.396059@HIDDEN> <877h0bveaq.fsf@HIDDEN> X-Mailer: VM 8.2 trial under 24.0.92.1 (x86_64-unknown-linux-gnu) X-Spam-Score: -4.2 (----) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Ted Zlatanov <tzz@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -4.2 (----) On Sat Jan 28 2012 Lars Ingebrigtsen wrote: > "Roland Winkler" <winkler@HIDDEN> writes: > > > It is highly recommended to store the file .authinfo as an > > encrypted file as .authinfo.gpg, though in some cases such a > > solution can be inconvenient or otherwise problematic. > > I would say "it's highly discouraged", because putting your > passwords into the .authinfo.gpg file will render your Emacs > virtually unusable for reading mail/news/etc. (By default.) > > I mean, unless you think typing in a password three gazillion > times is OK. But then it appears to me that elsewhere there is a problem: Why is it necessary that Emacs reads this file three gazillion times? I would assume: reading the encrypted file once and holding the content in memory cannot be more unsecure than storing the sensitive information in an unencrypted file. With an unencrypted file, the passwords are definitely lost / exposed if my laptop is lost or stolen. With an encrypted file, a thief needs to access the memory of a running (or dumped) emacs process, which appears less likely to me. In any case, how are ssh-agent and gpg-agent handling passphrases that are given to them? What am I missing here? Roland
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 28 Jan 2012 19:06:00 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 28 14:06:00 2012 Received: from localhost ([127.0.0.1]:48518 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RrDb6-0002Hz-1K for submit <at> debbugs.gnu.org; Sat, 28 Jan 2012 14:06:00 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:60978) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RrDb1-0002Hn-VH for 9113 <at> debbugs.gnu.org; Sat, 28 Jan 2012 14:05:58 -0500 Received: from 93-41-188-50.ip82.fastwebnet.it ([93.41.188.50] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RrDaC-00043F-1A; Sat, 28 Jan 2012 20:05:04 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: "Roland Winkler" <winkler@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <20259.46649.66744.396059@HIDDEN> Date: Sat, 28 Jan 2012 20:05:01 +0100 In-Reply-To: <20259.46649.66744.396059@HIDDEN> (Roland Winkler's message of "Sat, 28 Jan 2012 02:47:53 -0600") Message-ID: <877h0bveaq.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1RrDaC-00043F-1A X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328382304.27861@HUli3sad7h5AImfld2vbyA X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Ted Zlatanov <tzz@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) "Roland Winkler" <winkler@HIDDEN> writes: > It is highly recommended to store the file .authinfo as an > encrypted file as .authinfo.gpg, though in some cases such a > solution can be inconvenient or otherwise problematic. I would say "it's highly discouraged", because putting your passwords into the .authinfo.gpg file will render your Emacs virtually unusable for reading mail/news/etc. (By default.) I mean, unless you think typing in a password three gazillion times is OK. -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 28 Jan 2012 08:48:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jan 28 03:48:44 2012
Received: from localhost ([127.0.0.1]:47466 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1Rr3xk-0005S1-3X
for submit <at> debbugs.gnu.org; Sat, 28 Jan 2012 03:48:44 -0500
Received: from fencepost.gnu.org ([140.186.70.10]:41605 ident=Debian-exim)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <winkler@HIDDEN>) id 1Rr3xh-0005Ru-Ox
for 9113 <at> debbugs.gnu.org; Sat, 28 Jan 2012 03:48:43 -0500
Received: from 82.red-80-32-229.staticip.rima-tde.net ([80.32.229.82]:37644
helo=regnitz)
by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <winkler@HIDDEN>)
id 1Rr3x0-0001rx-50; Sat, 28 Jan 2012 03:47:59 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20259.46649.66744.396059@HIDDEN>
Date: Sat, 28 Jan 2012 02:47:53 -0600
From: "Roland Winkler" <winkler@HIDDEN>
To: Ted Zlatanov <tzz@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
In-Reply-To: <87aa5aa38p.fsf@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN>
<87aa5aa38p.fsf@HIDDEN>
X-Mailer: VM 8.2 trial under 24.0.92.1 (x86_64-unknown-linux-gnu)
X-Spam-Score: -4.2 (----)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -4.2 (----)
On Thu Jan 26 2012 Ted Zlatanov wrote:
> I don't recall exactly either. But here's how we can proceed. We have
> several options:
>
> 1) go back to authinfo.gpg as the first choice
>
> 2) use unencrypted authinfo with encrypted password tokens, which looks like
> this:
>
> machine supertest password
> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
>
> 3) work on the libnettle support (automatic if we use GnuTLS) so the
> external GPG executable is not needed to generate encrypted password
> tokens or encrypted authinfo files
>
> 4) use Daiki Ueno's plist storage format (already in auth-source but not
> well tested AFAIK)
>
> 5) ask the user if he has no authinfo file what he wants to do, and
> choose sensible defaults from the above depending on whether EPA/EPG and
> GPG; or libnettle are available. If we do that, `auth-sources' will be
> set to 'ask by default.
For me, being a user who does not know too much about the subtleties
of "smart solutions" for this problem, it would already be helpful
if the relevant docstrings / info pages / a *Warnings* buffer
contained a warning like
It is highly recommended to store the file .authinfo as an
encrypted file as .authinfo.gpg, though in some cases such a
solution can be inconvenient or otherwise problematic.
On the other hand, describe-variable currently gives for
auth-sources
auth-sources is a variable defined in `auth-source.el'.
Its value is ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
Documentation:
List of authentication sources.
The default will get login and password information from
"~/.authinfo.gpg", which you should set up with the EPA/EPG
packages to be encrypted. If that file doesn't exist, it will
try the unencrypted version "~/.authinfo" and the famous
"~/.netrc" file.
See the auth.info manual for details.
What general scheme of precedence is implemented here if
auth-sources is a list and the "default value" in this list is not
the first or last one, but the second? Or is this just a bug in the
docstring?
For this problem, I cannot find helpful comments in the auth.info
manual either. I suggest that the docstring of auth-sources should
provide a hyperlink to the relevant section of the auth.info manual.
Roland
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 27 Jan 2012 15:24:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 27 10:24:40 2012
Received: from localhost ([127.0.0.1]:46899 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqnfL-0005GH-2V
for submit <at> debbugs.gnu.org; Fri, 27 Jan 2012 10:24:40 -0500
Received: from cer-mailmxol2.jumptrading.com ([208.78.214.25]:26021)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <tzz@HIDDEN>) id 1RqnfI-0005G1-7E
for 9113 <at> debbugs.gnu.org; Fri, 27 Jan 2012 10:24:37 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqQEABxsIk/AqF0N/2dsb2JhbABCrH2CWoFyAQEEAXkQCw0jFhAESQ4Fh3wIt3+JDCkQAQgBBgQDAwSEOjQCBxqDGgSIP5JUjHM
Received: from unknown (HELO chiexchange02.w2k.jumptrading.com)
([192.168.93.13])
by cer-mailmxol2.jumptrading.com with ESMTP; 27 Jan 2012 15:25:17 +0000
Received: from internalsmtp.w2k.jumptrading.com (10.2.4.29) by
chiexchange02.w2k.jumptrading.com (10.2.4.71) with Microsoft SMTP
Server id 8.2.176.0; Fri, 27 Jan 2012 09:23:51 -0600
Received: from tzlatanov-ubuntu-desktop.jumptrading.com ([10.2.27.110]) by
internalsmtp.w2k.jumptrading.com with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 27 Jan 2012 09:23:50 -0600
From: Ted Zlatanov <tzz@HIDDEN>
To: Daiki Ueno <ueno@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <87mxgcffq1.fsf@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
<m3ty3hkjbf.fsf-ueno@HIDDEN>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Fri, 27 Jan 2012 10:23:20 -0600
In-Reply-To: <m3ty3hkjbf.fsf-ueno@HIDDEN> (Daiki Ueno's message of "Fri,
27 Jan 2012 10:47:32 +0900, Thu, 26 Jan 2012 16:41:19 -0500")
Message-ID: <878vkt3yiv.fsf_-_@HIDDEN>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-OriginalArrivalTime: 27 Jan 2012 15:23:50.0941 (UTC)
FILETIME=[AC235CD0:01CCDD07]
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi@HIDDEN>,
Achim Gratz <Stromeko@HIDDEN>, Stefan Monnier <monnier@HIDDEN>,
Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
On Fri, 27 Jan 2012 10:47:32 +0900 Daiki Ueno <ueno@HIDDEN> wrote:
DU> Ted Zlatanov <tzz@HIDDEN> writes:
>>>>> 2) use unencrypted authinfo with encrypted password tokens, which
>>>>> looks like this:
>>>>
>>>>> machine supertest password
>>>>> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
>>
>> It works fairly well but it's hacky, and can't be shared with other
>> programs. I'd like to implement it with libnettle at least, so it
>> doesn't depend on the external gpg utility. But yes, we could do this
>> one and it would work on all platforms with libnettle.
DU> I remember there were a couple of concerns:
DU> (1) it also doesn't work with GnuPG2 at all (have you tested it?)
No, I haven't tested it.
DU> (2) even with libnettle, you need to implement OpenPGP packet handling
DU> if you want to keep the data compatibility with GPG (I don't think
DU> it is a good idea to reinvent another encrypted data format with
DU> plist as you proposed)
Perhaps it would be OK to generate OpenPGP packets using libnettle, so
we are compatible with GPG. That would be a decent amount of work but
it would suddenly remove Emacs's dependency on an external utility and
make it work on all platforms with GnuTLS support. I think that's a
really good direction now that we have libnettle! Are you interested in
working on it with me, and do you see any potential problems with this
approach?
DU> How about:
DU> (1) add M-x auth-source-save command to save passwords manually
DU> (2) (message "Type \\[auth-source-save] to save your passwords to file")
DU> instead of the question
That's a very good suggestion, since currently the saving functionality
is done as a closure we pass back (internally this closure opens the
file, adds the line, then closes it, so it doesn't care about the
contents and thus is safe to call in any order). So we could simply
queue those closures and then call something to save them. But all the
prompting and UI has to be redesigned so it would be a lot of work for
me. I'd like some more opinions on this.
On Thu, 26 Jan 2012 16:41:19 -0500 Stefan Monnier <monnier@HIDDEN> wrote:
>> I'd like to implement it with libnettle at least, so it doesn't depend
>> on the external gpg utility.
SM> But that would make it work even less with other programs.
Yes. I like Ueno-san's suggestion of generating OpenPGP packets
ourselves. We can let the user decide whether he prefers encrypted
password tokens, encrypting the whole file, or leaving it in the clear.
Maybe we could even talk to the GPG agent for credentials.
SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues. That's what we should focus on
SM> for the "next time".
>> Do you mean gpg-agent or the OS keychain?
SM> I mean the keychain.
>> Neither is available on all platforms consistently.
SM> AFAIK all platforms have a keychain nowadays and it's the best place to
SM> put sensitive passwords such as the ones used to access your IMAP server.
I don't think GNU/Linux has anything beyond the Secrets API, and that
depends on many optional components.
Mac OS X has a standard keychain, which someone attempted to support in
Emacs but didn't get it finished. It's not too complicated.
W32 has some functionality (see
http://msdn.microsoft.com/en-us/library/aa380261(v=VS.85).aspx and
http://stackoverflow.com/questions/442923/windows-equivalent-of-os-x-keychain_
for some discussion) but not a fully capable keychain.
I don't know about the other platforms we support, but I hope this shows
that we should support but not rely on OS keychains. `auth-sources'
reflects that by making them optional choices but not the defaults.
>>>> IIRC for 23 the default was to keep the password for the current session
>>>> and not to store it in any file at all. I think it's a better default
>>>> than writing it in clear in some file, so at least for 24.1 reverting to
>>>> the Emacs-23 default is very attractive.
LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
LI> prompts you for whether you want to store the password or not. If you
LI> don't want to, say "n".
SM> Yes, I guess it's good enough.
>> One possible flow:
>> If the user says `y' then we can ask (if `auth-sources' is 'ask)
>> "Do you want to keep your passwords in a GPG-encrypted file?"
>> If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
>> that EPA/EPG are enabled. If GPG is not available, what do we do? Use
>> libnettle? Or explain and pretend they said `n'?
SM> If GPG is not available, ask a different question, as in "It will be
SM> saved in cleartext, is that OK?"
I think we'll need something on top of EPA/EPG if we support OpenPGP
packets with libnettle, an encryption services wrapper, which we can ask
"can we encrypt?" "can we encrypt a file with external GPG?" "can we
encrypt a file with internal OpenPGP and libnettle?" and so on. Once we
have that wrapper API we can build the user interaction easily, without
ad-hoc checks.
This is getting a little long for the bug report, do you want to move it
to emacs-devel?
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 27 Jan 2012 01:48:26 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 20:48:26 2012
Received: from localhost ([127.0.0.1]:45960 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqavR-0006NZ-EJ
for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 20:48:26 -0500
Received: from www10194u.sakura.ne.jp ([182.48.42.232]:32885)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <ueno@HIDDEN>) id 1RqavN-0006NP-Iw
for 9113 <at> debbugs.gnu.org; Thu, 26 Jan 2012 20:48:23 -0500
Message-ID: <m3ty3hkjbf.fsf-ueno@HIDDEN>
From: Daiki Ueno <ueno@HIDDEN>
To: Achim Gratz <Stromeko@HIDDEN>
Subject: Re: bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
Date: Fri, 27 Jan 2012 10:47:32 +0900
In-Reply-To: <87bopq6xng.fsf@HIDDEN> (Ted Zlatanov's message of "Thu, 26
Jan 2012 14:01:39 -0600")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi@HIDDEN>,
Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
Ted Zlatanov <tzz@HIDDEN> writes:
>>>> 2) use unencrypted authinfo with encrypted password tokens, which
>>>> looks like this:
>>>
>>>> machine supertest password
>>>> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
>
> It works fairly well but it's hacky, and can't be shared with other
> programs. I'd like to implement it with libnettle at least, so it
> doesn't depend on the external gpg utility. But yes, we could do this
> one and it would work on all platforms with libnettle.
I remember there were a couple of concerns:
(1) it also doesn't work with GnuPG2 at all (have you tested it?)
(2) even with libnettle, you need to implement OpenPGP packet handling
if you want to keep the data compatibility with GPG (I don't think
it is a good idea to reinvent another encrypted data format with
plist as you proposed)
BTW,
>>> IIRC for 23 the default was to keep the password for the current session
>>> and not to store it in any file at all. I think it's a better default
>>> than writing it in clear in some file, so at least for 24.1 reverting to
>>> the Emacs-23 default is very attractive.
>
> LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
> LI> prompts you for whether you want to store the password or not. If you
> LI> don't want to, say "n".
Even then, it is combersome for me to type "n" to proceed to the next
step (i.e. accessing smtp, etc). Firefox allows user to keep browsing
password protected Web pages without answering the question immediately.
How about:
(1) add M-x auth-source-save command to save passwords manually
(2) (message "Type \\[auth-source-save] to save your passwords to file")
instead of the question
Regards,
--
Daiki Ueno
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 21:42:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 16:41:59 2012
Received: from localhost ([127.0.0.1]:45904 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqX4x-0000sP-8z
for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 16:41:59 -0500
Received: from chene.dit.umontreal.ca ([132.204.246.20]:43329)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <monnier@HIDDEN>) id 1RqX4u-0000sG-3G
for 9113 <at> debbugs.gnu.org; Thu, 26 Jan 2012 16:41:58 -0500
Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca
[132.204.27.242])
by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id q0QLfK1u028270;
Thu, 26 Jan 2012 16:41:20 -0500
Received: by faina.iro.umontreal.ca (Postfix, from userid 20848)
id EC87AB4431; Thu, 26 Jan 2012 16:41:19 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Achim Gratz <Stromeko@HIDDEN>
Subject: Re: bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg
Message-ID: <jwvpqe65kh9.fsf-monnier+emacs@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN> <87bopq6xng.fsf@HIDDEN>
Date: Thu, 26 Jan 2012 16:41:19 -0500
In-Reply-To: <87bopq6xng.fsf@HIDDEN> (Ted Zlatanov's message of "Thu, 26
Jan 2012 14:01:39 -0600")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0
X-NAI-Spam-Rules: 1 Rules triggered
RV4113=0
X-NAI-Spam-Version: 2.2.0.9309 : core <4113> : streams <723245> : uri <1054288>
X-Spam-Score: -3.5 (---)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi@HIDDEN>,
Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -3.5 (---)
SM> That might be a good option.
> It works fairly well but it's hacky, and can't be shared with other
> programs.
Indeed, it's a major downside.
> I'd like to implement it with libnettle at least, so it doesn't depend
> on the external gpg utility.
But that would make it work even less with other programs.
LI> Yes. But it will require the user to type in a password to get to the
LI> password. :-) And again, programs like Firefox defaults to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.
I don't know about you, but I don't let Firefox store my mailbox's
password. I have a lot of passwords stored in Firefox's database, but
they're all things I don't really care about (e.g. passwords to log into
some stupid web-forums).
SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues. That's what we should focus on
SM> for the "next time".
> Do you mean gpg-agent or the OS keychain?
I mean the keychain.
> Neither is available on all platforms consistently.
AFAIK all platforms have a keychain nowadays and it's the best place to
put sensitive passwords such as the ones used to access your IMAP server.
>>> IIRC for 23 the default was to keep the password for the current session
>>> and not to store it in any file at all. I think it's a better default
>>> than writing it in clear in some file, so at least for 24.1 reverting to
>>> the Emacs-23 default is very attractive.
LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
LI> prompts you for whether you want to store the password or not. If you
LI> don't want to, say "n".
Yes, I guess it's good enough.
> One possible flow:
> If the user says `y' then we can ask (if `auth-sources' is 'ask)
> "Do you want to keep your passwords in a GPG-encrypted file?"
> If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
> that EPA/EPG are enabled. If GPG is not available, what do we do? Use
> libnettle? Or explain and pretend they said `n'?
If GPG is not available, ask a different question, as in "It will be
saved in cleartext, is that OK?"
Stefan
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 19:02:58 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 14:02:57 2012
Received: from localhost ([127.0.0.1]:45844 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqUb1-0004vF-Jm
for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 14:02:57 -0500
Received: from cer-mailmxol2.jumptrading.com ([208.78.214.25]:47406)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <tzz@HIDDEN>) id 1RqUav-0004uz-DF
for 9113 <at> debbugs.gnu.org; Thu, 26 Jan 2012 14:02:53 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap0EAIiiIU/AqF0N/2dsb2JhbABCr1GBcgEBBAF5EAsNARMPCwEKDwEESQ4Fh3yqEo1ZiT4QAQgBBgQDAwQlgmUdDoEFNAIHGoMaBIg/klmMdw
Received: from unknown (HELO chiexchange02.w2k.jumptrading.com)
([192.168.93.13])
by cer-mailmxol2.jumptrading.com with ESMTP; 26 Jan 2012 19:03:35 +0000
Received: from internalsmtp.w2k.jumptrading.com (10.2.4.29) by
chiexchange02.w2k.jumptrading.com (10.2.4.71) with Microsoft SMTP
Server id 8.2.176.0; Thu, 26 Jan 2012 13:02:09 -0600
Received: from tzlatanov-ubuntu-desktop.jumptrading.com ([10.2.27.110]) by
internalsmtp.w2k.jumptrading.com with Microsoft SMTPSVC(6.0.3790.1830);
Thu, 26 Jan 2012 13:02:09 -0600
From: Ted Zlatanov <tzz@HIDDEN>
To: Achim Gratz <Stromeko@HIDDEN>
Subject: Re: bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50;
auth-sources: .authinfo versus .authinfo.gpg
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
<jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
<87y5suuz85.fsf@HIDDEN>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Thu, 26 Jan 2012 14:01:39 -0600
In-Reply-To: <87y5suuz85.fsf@HIDDEN> (Achim Gratz's message of "Thu,
26 Jan 2012 18:53:46 +0100, Thu, 26 Jan 2012 12:28:47 -0500, Thu, 26
Jan 2012 18:52:25 +0100")
Message-ID: <87bopq6xng.fsf@HIDDEN>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-OriginalArrivalTime: 26 Jan 2012 19:02:09.0443 (UTC)
FILETIME=[010A6730:01CCDC5D]
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi@HIDDEN>,
Stefan Monnier <monnier@HIDDEN>, Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
>>> 2) use unencrypted authinfo with encrypted password tokens, which
>>> looks like this:
>>
>>> machine supertest password
>>> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
On Thu, 26 Jan 2012 18:53:46 +0100 Achim Gratz <Stromeko@HIDDEN> wrote:
AG> That looks appealing. Can it work with ssh-agent also?
No, unfortunately.
On Thu, 26 Jan 2012 12:28:47 -0500 Stefan Monnier <monnier@HIDDEN> wrote:
SM> That might be a good option.
It works fairly well but it's hacky, and can't be shared with other
programs. I'd like to implement it with libnettle at least, so it
doesn't depend on the external gpg utility. But yes, we could do this
one and it would work on all platforms with libnettle.
On Thu, 26 Jan 2012 18:52:25 +0100 Lars Ingebrigtsen <larsi@HIDDEN> wrote:
LI> Yes. But it will require the user to type in a password to get to the
LI> password. :-) And again, programs like Firefox defaults to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.
The encryption doesn't have to be strong. It could use a well-known
secret that the user can override, rather than an actual passphrase, and
then no questions will be asked.
SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues. That's what we should focus on
SM> for the "next time".
Do you mean gpg-agent or the OS keychain? Neither is available on all
platforms consistently.
>> IIRC for 23 the default was to keep the password for the current session
>> and not to store it in any file at all. I think it's a better default
>> than writing it in clear in some file, so at least for 24.1 reverting to
>> the Emacs-23 default is very attractive.
LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
LI> prompts you for whether you want to store the password or not. If you
LI> don't want to, say "n".
One possible flow:
If the user says `y' then we can ask (if `auth-sources' is 'ask)
"Do you want to keep your passwords in a GPG-encrypted file?"
If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
that EPA/EPG are enabled. If GPG is not available, what do we do? Use
libnettle? Or explain and pretend they said `n'?
If they say `n' then set `auth-sources' to "~/.authinfo".
So it's one extra step. But it is getting unwieldy.
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at submit) by debbugs.gnu.org; 26 Jan 2012 17:56:03 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 12:56:03 2012 Received: from localhost ([127.0.0.1]:45796 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RqTYJ-0002Zi-FJ for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:56:03 -0500 Received: from [140.186.70.92] (port=52969 helo=eggs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTYG-0002YM-QB for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:56:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTWl-0003fC-0R for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:54:30 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD autolearn=unavailable version=3.3.2 Received: from [140.186.70.17] (port=41121 helo=lists.gnu.org) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTWk-0003bq-Ql for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:54:26 -0500 Received: from [140.186.70.92] (port=40841 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTWa-0001hS-LJ for bug-gnu-emacs@HIDDEN; Thu, 26 Jan 2012 12:54:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTWO-0003aM-LK for bug-gnu-emacs@HIDDEN; Thu, 26 Jan 2012 12:54:10 -0500 Received: from lo.gmane.org ([80.91.229.12]:48122) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTWO-0003aH-9W for bug-gnu-emacs@HIDDEN; Thu, 26 Jan 2012 12:54:04 -0500 Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from <geb-bug-gnu-emacs@HIDDEN>) id 1RqTWL-0005SB-PG for bug-gnu-emacs@HIDDEN; Thu, 26 Jan 2012 18:54:01 +0100 Received: from pd9eb5208.dip.t-dialin.net ([217.235.82.8]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <bug-gnu-emacs@HIDDEN>; Thu, 26 Jan 2012 18:54:01 +0100 Received: from Stromeko by pd9eb5208.dip.t-dialin.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <bug-gnu-emacs@HIDDEN>; Thu, 26 Jan 2012 18:54:01 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: bug-gnu-emacs@HIDDEN From: Achim Gratz <Stromeko@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg Date: Thu, 26 Jan 2012 18:53:46 +0100 Lines: 15 Message-ID: <87y5suuz85.fsf@HIDDEN> References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> Mime-Version: 1.0 Content-Type: text/plain X-Complaints-To: usenet@HIDDEN X-Gmane-NNTP-Posting-Host: pd9eb5208.dip.t-dialin.net User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux) Cancel-Lock: sha1:tqUHDPqNuNQE0Q0yMM8ieJacHZI= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.17 X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -3.4 (---) Ted Zlatanov <tzz@HIDDEN> writes: > 2) use unencrypted authinfo with encrypted password tokens, which looks like this: > > machine supertest password gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM= That looks appealing. Can it work with ssh-agent also? Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Waldorf MIDI Implementation & additional documentation: http://Synth.Stromeko.net/Downloads.html#WaldorfDocs
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 17:53:13 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 12:53:13 2012 Received: from localhost ([127.0.0.1]:45792 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1RqTVY-0002VX-Tq for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:53:13 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:60305) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RqTVW-0002VK-4U for 9113 <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:53:12 -0500 Received: from 93-41-173-241.ip82.fastwebnet.it ([93.41.173.241] helo=rusty) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <larsi@HIDDEN>) id 1RqTUp-0002CR-MV; Thu, 26 Jan 2012 18:52:27 +0100 From: Lars Ingebrigtsen <larsi@HIDDEN> To: Stefan Monnier <monnier@HIDDEN> Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN> <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN> <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> Date: Thu, 26 Jan 2012 18:52:25 +0100 In-Reply-To: <jwv7h0e751z.fsf-monnier+emacs@HIDDEN> (Stefan Monnier's message of "Thu, 26 Jan 2012 12:28:47 -0500") Message-ID: <87mx9al5ba.fsf@HIDDEN> User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1RqTUp-0002CR-MV X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@HIDDEN MailScanner-NULL-Check: 1328205148.1232@jElzFBzpCxqkF44YR+mn8w X-Spam-Status: No X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 9113 Cc: 9113 <at> debbugs.gnu.org, Roland Winkler <winkler@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -1.9 (-) Stefan Monnier <monnier@HIDDEN> writes: > I'm not sure what this means: how does it fix the problem, what other > consequences does it have? E.g. will Emacs end up asking for my > password to read autoinfo.gpg even though the thing it's looking for is > not there? Yes. That was the major reason for not using .authinfo.gpg. >> 2) use unencrypted authinfo with encrypted password tokens, which >> looks like this: > >> machine supertest password >> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM= > > That might be a good option. Yes. But it will require the user to type in a password to get to the password. :-) And again, programs like Firefox defaults to storing the passwords in non-encrypted files, so I don't really see why Emacs should be more difficult to use than Firefox. > IIRC for 23 the default was to keep the password for the current session > and not to store it in any file at all. I think it's a better default > than writing it in clear in some file, so at least for 24.1 reverting to > the Emacs-23 default is very attractive. Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24 prompts you for whether you want to store the password or not. If you don't want to, say "n". -- (domestic pets only, the antidote for overdose, milk.) http://lars.ingebrigtsen.no * Sent from my Rome
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 17:29:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 12:29:25 2012
Received: from localhost ([127.0.0.1]:45768 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqT8W-000197-BU
for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:29:24 -0500
Received: from chene.dit.umontreal.ca ([132.204.246.20]:49355)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <monnier@HIDDEN>) id 1RqT8T-00018z-Nb
for 9113 <at> debbugs.gnu.org; Thu, 26 Jan 2012 12:29:22 -0500
Received: from faina.iro.umontreal.ca (lechon.iro.umontreal.ca
[132.204.27.242])
by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id q0QHSmbS001177;
Thu, 26 Jan 2012 12:28:48 -0500
Received: by faina.iro.umontreal.ca (Postfix, from userid 20848)
id 19F12B4431; Thu, 26 Jan 2012 12:28:48 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Roland Winkler <winkler@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Message-ID: <jwv7h0e751z.fsf-monnier+emacs@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> <87aa5aa38p.fsf@HIDDEN>
Date: Thu, 26 Jan 2012 12:28:47 -0500
In-Reply-To: <87aa5aa38p.fsf@HIDDEN> (Ted Zlatanov's message of "Thu, 26
Jan 2012 09:32:38 -0600")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 5
X-NAI-Spam-Score: 0
X-NAI-Spam-Rules: 1 Rules triggered
RV4113=0
X-NAI-Spam-Version: 2.2.0.9309 : core <4113> : streams <723202> : uri <1054170>
X-Spam-Score: -3.5 (---)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -3.5 (---)
>>> The Emacs maintainers asked me to make the default unencrypted. I don't
>>> think they will change their position.
SM> I can't remember exactly how we got there. But I do agree that saving
SM> a password unencrypted by default is not a good idea.
> I don't recall exactly either. But here's how we can proceed. We have
> several options:
> 1) go back to authinfo.gpg as the first choice
I'm not sure what this means: how does it fix the problem, what other
consequences does it have? E.g. will Emacs end up asking for my
password to read autoinfo.gpg even though the thing it's looking for is
not there?
> 2) use unencrypted authinfo with encrypted password tokens, which
> looks like this:
> machine supertest password
> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
That might be a good option.
> Additionally, we should decide if any of this is happening for 24.1. I
> would really prefer to make the default more secure for 24.1.
IIRC for 23 the default was to keep the password for the current session
and not to store it in any file at all. I think it's a better default
than writing it in clear in some file, so at least for 24.1 reverting to
the Emacs-23 default is very attractive.
Another option (the better long-term option) is to use an external
keychain service to handle these issues. That's what we should focus on
for the "next time".
Stefan
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 14:33:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 26 09:33:50 2012
Received: from localhost ([127.0.0.1]:45120 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqQOb-00028N-AL
for submit <at> debbugs.gnu.org; Thu, 26 Jan 2012 09:33:50 -0500
Received: from cer-mailmxol2.jumptrading.com ([208.78.214.25]:65132)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <tzz@HIDDEN>) id 1RqQOX-000284-Tj
for 9113 <at> debbugs.gnu.org; Thu, 26 Jan 2012 09:33:47 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap0EAN4iIU/AqF0N/2dsb2JhbABDr0uBcgEBBAF5EAsNFA8WDwEESQ4Fh3y4Jok9EAEIAQYEAwMEIgOCZR0OgQU0AgcagxoEiD+SV4x3
Received: from unknown (HELO chiexchange02.w2k.jumptrading.com)
([192.168.93.13])
by cer-mailmxol2.jumptrading.com with ESMTP; 26 Jan 2012 14:34:34 +0000
Received: from internalsmtp.w2k.jumptrading.com (10.2.4.29) by
chiexchange02.w2k.jumptrading.com (10.2.4.71) with Microsoft SMTP
Server id 8.2.176.0; Thu, 26 Jan 2012 08:33:07 -0600
Received: from tzlatanov-ubuntu-desktop.jumptrading.com ([10.2.27.110]) by
internalsmtp.w2k.jumptrading.com with Microsoft SMTPSVC(6.0.3790.1830);
Thu, 26 Jan 2012 08:33:07 -0600
From: Ted Zlatanov <tzz@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
<jwv4nvj1awv.fsf-monnier+emacs@HIDDEN>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Thu, 26 Jan 2012 09:32:38 -0600
In-Reply-To: <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN> (Stefan Monnier's message
of "Wed, 25 Jan 2012 21:02:12 -0500")
Message-ID: <87aa5aa38p.fsf@HIDDEN>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-OriginalArrivalTime: 26 Jan 2012 14:33:07.0747 (UTC)
FILETIME=[6BD70F30:01CCDC37]
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org, Roland Winkler <winkler@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
On Wed, 25 Jan 2012 21:02:12 -0500 Stefan Monnier <monnier@HIDDEN> wrote:
>> The Emacs maintainers asked me to make the default unencrypted. I don't
>> think they will change their position.
SM> I can't remember exactly how we got there. But I do agree that saving
SM> a password unencrypted by default is not a good idea.
I don't recall exactly either. But here's how we can proceed. We have
several options:
1) go back to authinfo.gpg as the first choice
2) use unencrypted authinfo with encrypted password tokens, which looks like this:
machine supertest password gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
3) work on the libnettle support (automatic if we use GnuTLS) so the
external GPG executable is not needed to generate encrypted password
tokens or encrypted authinfo files
4) use Daiki Ueno's plist storage format (already in auth-source but not
well tested AFAIK)
5) ask the user if he has no authinfo file what he wants to do, and
choose sensible defaults from the above depending on whether EPA/EPG and
GPG; or libnettle are available. If we do that, `auth-sources' will be
set to 'ask by default.
Additionally, we should decide if any of this is happening for 24.1. I
would really prefer to make the default more secure for 24.1.
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 26 Jan 2012 02:02:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jan 25 21:02:50 2012
Received: from localhost ([127.0.0.1]:44202 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1RqEfp-0008Dr-Ns
for submit <at> debbugs.gnu.org; Wed, 25 Jan 2012 21:02:50 -0500
Received: from ironport2-out.teksavvy.com ([206.248.154.181]:41167)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <monnier@HIDDEN>) id 1RqEfn-0008Df-SM
for 9113 <at> debbugs.gnu.org; Wed, 25 Jan 2012 21:02:48 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EAKOyIE9FpZaC/2dsb2JhbABDrkSBBoFyAQEEAVYjBQsLMAQSFBgNJIgPuB6JKwIBBQIFBhYEAgIBAgGDWAEJBRAGG4MaBIg/mneEVw
X-IronPort-AV: E=Sophos;i="4.71,572,1320642000"; d="scan'208";a="159071665"
Received: from 69-165-150-130.dsl.teksavvy.com (HELO ceviche.home)
([69.165.150.130])
by ironport2-out.teksavvy.com with ESMTP/TLS/ADH-AES256-SHA;
25 Jan 2012 21:02:13 -0500
Received: by ceviche.home (Postfix, from userid 20848)
id 005D066107; Wed, 25 Jan 2012 21:02:12 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Roland Winkler <winkler@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Message-ID: <jwv4nvj1awv.fsf-monnier+emacs@HIDDEN>
References: <87mxgcffq1.fsf@HIDDEN> <87k44ffsdu.fsf@HIDDEN>
Date: Wed, 25 Jan 2012 21:02:12 -0500
In-Reply-To: <87k44ffsdu.fsf@HIDDEN> (Ted Zlatanov's message of "Wed, 25
Jan 2012 14:18:21 -0600")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
> The Emacs maintainers asked me to make the default unencrypted. I don't
> think they will change their position.
I can't remember exactly how we got there. But I do agree that saving
a password unencrypted by default is not a good idea.
Stefan
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
Received: (at 9113) by debbugs.gnu.org; 25 Jan 2012 19:19:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jan 25 14:19:30 2012
Received: from localhost ([127.0.0.1]:43810 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1Rq8NU-00048d-04
for submit <at> debbugs.gnu.org; Wed, 25 Jan 2012 14:19:29 -0500
Received: from cer-mailmxol2.jumptrading.com ([208.78.214.25]:6571)
by debbugs.gnu.org with esmtp (Exim 4.72)
(envelope-from <tzz@HIDDEN>) id 1Rq8NQ-00048Q-QC
for 9113 <at> debbugs.gnu.org; Wed, 25 Jan 2012 14:19:26 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApwEAGMjIE/AqF0N/2dsb2JhbABDr0OBcgEBBXkQCw0UJQ8BBEkOBcAoiSsCAQoCIgWDeAaDNQSIP5JYjHc
Received: from unknown (HELO chiexchange02.w2k.jumptrading.com)
([192.168.93.13])
by cer-mailmxol2.jumptrading.com with ESMTP; 25 Jan 2012 19:20:17 +0000
Received: from internalsmtp.w2k.jumptrading.com (10.2.4.29) by
chiexchange02.w2k.jumptrading.com (10.2.4.71) with Microsoft SMTP
Server id 8.2.176.0; Wed, 25 Jan 2012 13:18:51 -0600
Received: from tzlatanov-ubuntu-desktop.jumptrading.com ([10.2.27.110]) by
internalsmtp.w2k.jumptrading.com with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 25 Jan 2012 13:18:51 -0600
From: Ted Zlatanov <tzz@HIDDEN>
To: Roland Winkler <winkler@HIDDEN>
Subject: Re: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <87mxgcffq1.fsf@HIDDEN>
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Wed, 25 Jan 2012 14:18:21 -0600
In-Reply-To: <87mxgcffq1.fsf@HIDDEN> (Roland Winkler's message of "Sun, 17
Jul 2011 22:08:22 -0500")
Message-ID: <87k44ffsdu.fsf@HIDDEN>
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-OriginalArrivalTime: 25 Jan 2012 19:18:51.0160 (UTC)
FILETIME=[2BB28980:01CCDB96]
X-Spam-Score: -1.9 (-)
X-Debbugs-Envelope-To: 9113
Cc: 9113 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces <at> debbugs.gnu.org
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
X-Spam-Score: -1.9 (-)
On Sun, 17 Jul 2011 22:08:22 -0500 "Roland Winkler" <winkler@HIDDEN> wrote:
RW> If an authinfo file does not exists and the user has not customized
RW> anything, something like smtpmail will create a new file .authinfo
RW> with the appropriate entry.
RW> I suggest that instead the code should try first to generate a file
RW> .authinfo.gpg and if this fails it should warn the user that Emacs
RW> is going to create a file .authinfo, which can be very unsafe.
RW> In this context, the doc string of auth-sources is, unfortunately,
RW> not too helpful:
RW> See the auth.info manual for details.
RW> [snip]
RW> It's best to customize this with `M-x customize-variable' because
RW> the choices can get pretty complex."
RW> The default value of auth-sources should be such that the user is,
RW> at least, on the safe side.
The Emacs maintainers asked me to make the default unencrypted. I don't
think they will change their position.
Ted
bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.Received: (at submit) by debbugs.gnu.org; 18 Jul 2011 03:08:54 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jul 17 23:08:54 2011 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1QieCT-0005bC-H8 for submit <at> debbugs.gnu.org; Sun, 17 Jul 2011 23:08:54 -0400 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from <rwinkler@HIDDEN>) id 1QieCR-0005az-58 for submit <at> debbugs.gnu.org; Sun, 17 Jul 2011 23:08:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <rwinkler@HIDDEN>) id 1QieCE-0001m8-6d for submit <at> debbugs.gnu.org; Sun, 17 Jul 2011 23:08:45 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([140.186.70.17]:41261) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rwinkler@HIDDEN>) id 1QieCD-0001ls-Jw for submit <at> debbugs.gnu.org; Sun, 17 Jul 2011 23:08:37 -0400 Received: from eggs.gnu.org ([140.186.70.92]:53799) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <rwinkler@HIDDEN>) id 1QieCB-00018J-54 for bug-gnu-emacs@HIDDEN; Sun, 17 Jul 2011 23:08:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <rwinkler@HIDDEN>) id 1QieC7-0001kj-K1 for bug-gnu-emacs@HIDDEN; Sun, 17 Jul 2011 23:08:34 -0400 Received: from tfkpsv.physik.uni-erlangen.de ([131.188.164.197]:3585) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rwinkler@HIDDEN>) id 1QieC7-0001kV-7O for bug-gnu-emacs@HIDDEN; Sun, 17 Jul 2011 23:08:31 -0400 Received: from regnitz (unknown [210.45.117.226]) by tfkpsv.physik.uni-erlangen.de (Postfix) with ESMTP id 29CB728C30 for <bug-gnu-emacs@HIDDEN>; Mon, 18 Jul 2011 05:08:27 +0200 (CEST) Date: Sun, 17 Jul 2011 22:08:22 -0500 Message-Id: <87mxgcffq1.fsf@HIDDEN> From: "Roland Winkler" <winkler@HIDDEN> To: bug-gnu-emacs@HIDDEN Subject: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4-2.6 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.17 X-Spam-Score: -4.9 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Sender: debbugs-submit-bounces <at> debbugs.gnu.org Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org X-Spam-Score: -5.1 (-----) If an authinfo file does not exists and the user has not customized anything, something like smtpmail will create a new file .authinfo with the appropriate entry. I suggest that instead the code should try first to generate a file .authinfo.gpg and if this fails it should warn the user that Emacs is going to create a file .authinfo, which can be very unsafe. In this context, the doc string of auth-sources is, unfortunately, not too helpful: See the auth.info manual for details. [snip] It's best to customize this with `M-x customize-variable' because the choices can get pretty complex." The default value of auth-sources should be such that the user is, at least, on the safe side. In GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1) of 2011-07-16 on regnitz Windowing system distributor `The X.Org Foundation', version 11.0.10706000 Important settings: value of $LC_ALL: nil value of $LC_COLLATE: C value of $LC_CTYPE: nil value of $LC_MESSAGES: nil value of $LC_MONETARY: nil value of $LC_NUMERIC: nil value of $LC_TIME: en_GB.utf8 value of $LANG: en_US.ISO-8859-15 value of $XMODIFIERS: nil locale-coding-system: iso-latin-9-unix default enable-multibyte-characters: t Major mode: Mail
"Roland Winkler" <winkler@HIDDEN>:bug-gnu-emacs@HIDDEN.
Full text available.owner <at> debbugs.gnu.org, bug-gnu-emacs@HIDDEN:bug#9113; Package emacs.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.