[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg

From: Ted Zlatanov
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Wed, 25 Jan 2012 14:18:21 -0600
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux)

On Sun, 17 Jul 2011 22:08:22 -0500 "Roland Winkler" <address@hidden> wrote: 

RW> If an authinfo file does not exists and the user has not customized
RW> anything, something like smtpmail will create a new file .authinfo
RW> with the appropriate entry.

RW> I suggest that instead the code should try first to generate a file
RW> .authinfo.gpg and if this fails it should warn the user that Emacs
RW> is going to create a file .authinfo, which can be very unsafe.

RW> In this context, the doc string of auth-sources is, unfortunately,
RW> not too helpful:

RW>   See the auth.info manual for details.
RW>   [snip]
RW>   It's best to customize this with `M-x customize-variable' because
RW>   the choices can get pretty complex."

RW> The default value of auth-sources should be such that the user is,
RW> at least, on the safe side.

The Emacs maintainers asked me to make the default unencrypted.  I don't
think they will change their position.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]