bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg

[Lars Ingebrigtsen]

Ted Zlatanov <tzz@lifelogs.com> writes:

> The encryption doesn't have to be strong.  It could use a well-known
> secret that the user can override, rather than an actual passphrase, and
> then no questions will be asked.

Sure.  This is what Firefox (etc.) does, and (most) people seem to be
satisfied with that.  On the other hand, this is just obscuring the
passwords, so the difference between this and, say,

machine smtp.gmail.com user foo password base64:c2VjcmV0

isn't huge.  (I mean, it is a real difference, but I'm not quite sure
whether it's a difference with a distinction.  :-)

So perhaps auth-source should just base64-encode password tokens by
default for Emacs 24.1?  That would give the users less of an "EEK"
feeling if they're looking at this file, and somebody is looking over
their shoulders...

-- 
(domestic pets only, the antidote for overdose, milk.)
  http://lars.ingebrigtsen.no  *  Sent from my Rome