[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#7487: 24.0.50; Gnus nnimap broken

From: Stefan Monnier
Subject: bug#7487: 24.0.50; Gnus nnimap broken
Date: Fri, 10 Dec 2010 15:56:10 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

>>>> that I'm tempted to go back to just storing this data in the plain-text
>>>> ~/.authinfo file until all this has been worked out.
>>> No!!!! Or only after prompting the user five times for
>>> (different) confirmation.
LMI> If you look at other widely used software packages, like Firefox, they
LMI> default to just storing the passwords in an (obfuscated) non-encrypted
LMI> file.  I don't think that's such a bad default.
> It's a terrible default IMO.  But you knew I'd say that :)

I also find it terrible.  Tho it is at least protected by a 3-way prompt
(tho only 1 rather than 5).

LMI> If you want a more complicated credential storage setup, then that
LMI> should be a user option, not a default.  At present, the ~/.authinfo.gpg
LMI> credential storage is not something you can present to a normal user and
LMI> expect them to understand at all.
> How about a .sgpg or .spg extension that signals EPA/EPG that only
> symmetric encryption is desired?

I think that will only push the problem elsewhere, which is "which file
name to use: .authinfo.gpg or .authinfo.spg".  It seems simpler to just
let the user configure the behavior she wants.  By default just use
symmetric encryption.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]