emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more on starttls, gnutls-cli and using tls for mail

From: Karl Fogel
Subject: Re: more on starttls, gnutls-cli and using tls for mail
Date: Sat, 13 Aug 2011 21:26:13 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) 
"T. V. Raman" <address@hidden> writes:
>Also, if you ask smtpmail to save the security settings, it
>creates a world-readable .authinfo with the password stored in
>the clear --- looks like a bad idea on all counts.

I've been thinking that lately too.

First, the fact that .authinfo is created world-readable just seems like
a clear bug.  Also easy to fix (sorry, I don't have patch, but I could
come up with one if we all agree this is a straight bug).

Second: I think it was a mistake that we fully deprecated
`smtpmail-auth-credentials' in favor of ~/.authinfo, instead of, say,
just making the latter override the former when the latter is present.
It's good to have an entirely off-disk option for passing credentials;
maybe most users won't use it, but some will, and it's good in principle
to offer it.  (For example, search for that variable in [1] to see how I
was using it.)

I'd like to know how people feel about the above assertions, before I
start patching anything, though.

-Karl

[1] http://svn.red-bean.com/repos/kfogel/trunk/.emacs
reply via email to
[Prev in Thread] Current Thread [Next in Thread]