[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credential
From: |
Ted Zlatanov |
Subject: |
Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials |
Date: |
Fri, 12 Jun 2009 13:25:17 -0500 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux) |
On Thu, 11 Jun 2009 19:44:37 -0400 MON KEY <address@hidden> wrote:
MK> Not everyone has an hour to point out what _you've_ missed.
MK> I made time.
I appreciate your suggestions very much. I am just asking you to
present them in a way that I can understand more readily. From looking
at the stream of Emacs bug reports for a while, most people can submit
verbal explanations just fine, using code to support but not replace
them. For reference, here's what M-x report-emacs-bug suggests:
"Please write in English if possible, because the Emacs maintainers
usually do not have translators to read other languages for them.
Your bug report will be posted to the address@hidden mailing list.
Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:"
The key word is "describe." You did not describe, you posted a few
pages of code.
MK> I am sorry if the previous message was too much for you or your
MK> schedule. Maybe someone else will catch it.
Sure, let's hope whoever does will write a patch or explain it better.
Meanwhile, assuming there's no "someone else" standing by, let's try to
figure out the problem.
MK> I did my best to couch the error in a not too obvious way so as not
MK> to needlessly over expose it.
All right. Please use e-mail next time, so you can be clear in what
you're reporting. It would have saved time, and is the standard way to
report security issues.
MK> I believe the `auth-sources.el' portion of the current 'auth system'
MK> should undergo a bit more public scrutiny.
I've posted many notes to emacs-devel inviting scrutiny and
suggestions for auth-source.el. In any case, please do review and
comment on it. Just do it in
MK> I have made specific suggestions. Moreover, I even went so far as to
MK> put the cleanup in there to make it easier for people to evaluate the
MK> code and recover to a normal state.
MK> Don't waste any valuable time trying to 'parse' that code - just evaluate
it.
MK> The code shouldn't cause any problems, it uses `auth-sources.el' so
MK> there isn't any undo risk - even for those in "Getting Things Done"
MK> mode.
Your cleanup sets auth-sources to nil. That would screw up my setup, at
least. It's definitely not OK to just evaluate it; there were many
other issues I don't have time to list and which are not really
relevant. I would have at least wrapped everything in a let scope,
FWIW.
MK> I _am_ pointing out that the `gnus-message' logging facilty used in
MK> conjunction with `auth-source-user-or-password' gives the user the
MK> impression that by setting `gnus-verbose' to a lower threshold the
MK> logging won't occur.When use of auth-source.el is separated from Gnus
MK> that facility is irrelevant to non Gnus users; whether they set
MK> `gnus-verbose' to 1 or 10 is a moot point.
Thank you for explaining. I've attached a patch to use only the
`message' function for logging messages, and logging is off by default.
The patch is against Emacs CVS. Let me know what you think.
MK> Is it reasonable for an hypothetical 'average Emacs user' to expect to
MK> reliably debug/troubleshoot and configure an auth-source initiated
MK> transaction config using the current 'auth regime' and expect a safe,
MK> transparent, self cleaning, logging facility to aid in the process?
Sure. Now, what are you suggesting should be changed or improved?
MK> While some (not all) of these expectations can be currently be met it
MK> does not come without presenting a situation whereby some users may
MK> find that they are blindly pinging a machine/host/server (which is
MK> it?) with:
MK> - dog knows WHO on the other end;
MK> - receiving dog knows WHAT;
MK> - as it gets getting routed through dog knows WHERE;
MK> (per netrc.el snarfage)
Can you give a specific example illustrating these problems, so I can
fix their root causes?
Thanks
Ted
auth-source.diff
Description: Text Data
RE: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials, MON KEY, 2009/06/12