[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: master 91c732f: Always check for client-certificates
From: |
Robert Pluim |
Subject: |
Re: master 91c732f: Always check for client-certificates |
Date: |
Mon, 18 Nov 2019 17:05:09 +0100 |
>>>>> On Mon, 18 Nov 2019 17:38:42 +0200, Eli Zaretskii <address@hidden> said:
>> From: Robert Pluim <address@hidden>
>> Date: Mon, 18 Nov 2019 10:06:19 +0100
>> Cc: Dmitry Alexandrov <address@hidden>, address@hidden
>>
Lars> I didn't realise that this would mean accessing the .authinfo.gpg file
Lars> by default for https connections. I don't think that's a good idea,
so
Lars> network-stream-use-client-certificates has to default to nil.
>>
>> I can flip the default if thatʼs the consensus.
Eli> If everyone agrees with Lars, then we have a consensus. But if you
Eli> disagree, I'd like to hear your arguments (and anyone else's really),
Eli> before we decide what is the consensus.
I'm doubly biased: I implemented it, and I read email in Emacs, so
.authinfo.gpg gets decrypted for me anyway, so having it done for eww
or package-list-packages is a no-op, which means I disagree, but not
strongly.
The reason for the feature is to make it easy to use certificates:
just add the right stuff to .authinfo.gpg, and everything else happens
by itself, much like usernames/passwords when sending
email.
Defaulting it to off means more configuration burden on the user.
Defaulting it to on means that some people who object to it need to
customize auth-sources and/or network-stream-use-client-certificates.
I canʼt judge the relative sizes of those two groups, although the
second one is highly likely to be more vocal.
Having said that, I donʼt think weʼre looking for unanimity anyway,
just rough consensus, and so far Iʼm outnumbered at least 2-1.
Robert
- Re: master 91c732f: Always check for client-certificates, Dmitry Alexandrov, 2019/11/16
- Re: master 91c732f: Always check for client-certificates, Robert Pluim, 2019/11/17
- Re: master 91c732f: Always check for client-certificates, Lars Ingebrigtsen, 2019/11/18
- Re: master 91c732f: Always check for client-certificates, Robert Pluim, 2019/11/18
- Re: master 91c732f: Always check for client-certificates, Eli Zaretskii, 2019/11/18
- Re: master 91c732f: Always check for client-certificates,
Robert Pluim <=
- Re: master 91c732f: Always check for client-certificates, Eli Zaretskii, 2019/11/18
- Re: master 91c732f: Always check for client-certificates, Michael Welsh Duggan, 2019/11/19
- Re: master 91c732f: Always check for client-certificates, Lars Ingebrigtsen, 2019/11/19