Re: Moving files from lisp/gnus/ to lisp/net/?

[Richard Stallman]

    Other applications typically ask the user whether they want to
    remember the password in memory.  If read-passwd is changed to cache
    passwords (however, to use the cache, callers of read-passwd must be
    updated, to provide the "key" into the hash table), it could ask the
    user this.  Opinions on this welcome.

Having it always ask would be too annoying, I think.  So that would
need to be a new argument, which means the feature is no benefit
unless we change the callers.

That is the wrong thing to do at present.  So I think we should put
read-passwd back where it was and remove the new file for now.

Looking ahead to the future,

    > Why have both password-read and password-read-and-add?
    > Why not always add?  Is the idea that for some purposes
    > it is ok to cache, but for others it is too risky?

    No, the reason was this: if the user entered an incorrect password, it
    should not be cached.  If an incorrect password is cached, the code
    might infloop trying the incorrect password automatically over and
    over again.  It was considered safer to first read the password, then
    try to use it, and if successful then it is cached.

In that case, password-read-and-add makes no sense, right?
Why add a shortcut that in best practice should not be used?

    I'm not sure my argument is good, it may be simpler to always cache,
    and have the calling code invoke password-cache-remove whenever there
    is a password failure.

That is a reasonable alternative, I guess, but then password-read
should add the password and we should not have password-read-and-add
as a separate entry point.

But it doesn't make sense to discuss this without dealing with the
question of whether caching of correct passwords is desirable.