emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master 91c732f: Always check for client-certificates


From: Robert Pluim
Subject: Re: master 91c732f: Always check for client-certificates
Date: Mon, 18 Nov 2019 17:05:09 +0100

>>>>> On Mon, 18 Nov 2019 17:38:42 +0200, Eli Zaretskii <address@hidden> said:

    >> From: Robert Pluim <address@hidden>
    >> Date: Mon, 18 Nov 2019 10:06:19 +0100
    >> Cc: Dmitry Alexandrov <address@hidden>, address@hidden
    >> 
    Lars> I didn't realise that this would mean accessing the .authinfo.gpg file
    Lars> by default for https connections.  I don't think that's a good idea, 
so
    Lars> network-stream-use-client-certificates has to default to nil.
    >> 
    >> I can flip the default if thatʼs the consensus.

    Eli> If everyone agrees with Lars, then we have a consensus.  But if you
    Eli> disagree, I'd like to hear your arguments (and anyone else's really),
    Eli> before we decide what is the consensus.

I'm doubly biased: I implemented it, and I read email in Emacs, so
.authinfo.gpg gets decrypted for me anyway, so having it done for eww
or package-list-packages is a no-op, which means I disagree, but not
strongly.

The reason for the feature is to make it easy to use certificates:
just add the right stuff to .authinfo.gpg, and everything else happens
by itself, much like usernames/passwords when sending
email.

Defaulting it to off means more configuration burden on the user.
Defaulting it to on means that some people who object to it need to
customize auth-sources and/or network-stream-use-client-certificates.

I canʼt judge the relative sizes of those two groups, although the
second one is highly likely to be more vocal.

Having said that, I donʼt think weʼre looking for unanimity anyway,
just rough consensus, and so far Iʼm outnumbered at least 2-1.

Robert



reply via email to

[Prev in Thread] Current Thread [Next in Thread]