[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS for W32

From: Óscar Fuentes
Subject: Re: GnuTLS for W32
Date: Mon, 02 Jan 2012 04:18:05 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.91 (gnu/linux)

Juanma Barranquero <address@hidden> writes:

>> Do we implement security only when many users are at risk?
> Irrelevant. We've implemented security, we're talking about defaults.

What's the difference?

> And that's what cost-benefit analysis is for. The answer could well be
> yes, if the alternative to "many" is "almost no-one".

You can count me on. See below.

>> Including the GnuTLS binary with the official binary packages shouldn't
>> be too costly, if we consider how rare Emacs releases are.
> The moment a serious bug is detected in GnuTLS, you have to issue
> updated packages and get the word out. It's not as easy as you put it.

Granted, that's a considerable side-effect. I've looked at the release
history for GnuTLS and there are lots of them. I don't how many contain
fixes for serious bugs, though.


>> Shrugh. Security-wise, this way of thinking is responsible for lots of
>> disasters.
> For some definition of "lots", sure.

Directly or indirectly, almost all of them, I would say.

>> I wouldn't detect if someone were eavesdropping my network
>> communications, nor would you.
> Considering that I'm in a very small, non-WiFi network behind a rather
> paranoid firewall, trust me: if someone is eavesdropping my network,
> Emacs is the lesser of my troubles.

AFAIK Emacs can use GnuTLS for talking to the outside world too. SMTP,
for instance. There are ISPs (like the one I use) that offer both
encrypted and plain login on their mail servers. That's pretty serious

reply via email to

[Prev in Thread] Current Thread [Next in Thread]