Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credential

From: Ted Zlatanov
Subject: Re: authinfo gnutls netrc.el auth-sources & smtpmail-starttls-credentials
Date: Wed, 10 Jun 2009 16:18:38 -0500
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)

On Tue, 9 Jun 2009 23:49:41 -0400 MON KEY <address@hidden> wrote: 

MK> use of .authinfo.gpg implies auth-sources.el (or will soon)
MK> auth-sources wants netrc.el per `auth-source-user-or-password'
MK> netrc.el defines a var `netrc-services' that is hard bound to 

MK> How is this going to remain secure/stable/reliable across platforms -
MK> esp. going forward in lieu of emerging and recent new functionality
MK> with auth-sources, epa, epg?

MK> If netrc.el wants to hardwire the `netrc-services-file' he should be
MK> mindful that not all systems have this path available - maybe a
MK> defcustom is in order here?

It makes sense to bundle some default service definitions with Emacs,
but allow overriding and lookups in external resources (files, etc.) as
well.  There's always the option of specifying the port as a number.
Also there are packages which have their own ideas about service ports,
e.g. from imap.el:

;; Internal constants.  Change these and die.

(defconst imap-default-port 143)
(defconst imap-default-ssl-port 993)
(defconst imap-default-tls-port 993)

or tramp.el:

    ("ssh"   (tramp-login-program        "ssh")
             (tramp-default-port         22))

The place to put the service port definitions and API should probably be
a new .el file in Emacs, not netrc.el or auth-sources.el.  Then Emacs
packages can migrate to using the new API.  One of the Emacs maintainers
should give an opinion here, I don't have a strong one.

MK> It doesn't look like this oversight can pose an immediate problem
MK> because where the `/etc/services' is missing netrc.el just ignores the
MK> void... and quietly proceeds - still... is that a _good_ thing?

Yes, it lets people get stuff done.  It's not a security risk and does
not behave in an unexpected way.  It can be augmented but the
fundamental principle is sound: use the host OS's idea of service ports
if it's available.
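
The lookup order discussed in this message (a numeric port passes through, then caller overrides, then the host's services file if it is readable, then defaults bundled with the code), sketched as an added example that is not part of the original post and is not code from netrc.el or auth-sources.el. Every `example-' name and the bundled port list are assumptions made for illustration.

```elisp
;;; Added illustration; all `example-' names are hypothetical, not Emacs APIs.

(defvar example-service-defaults
  '(("smtp" . 25) ("imap" . 143) ("imaps" . 993) ("ssh" . 22))
  "Bundled fallback ports, used when no other source knows the service.")

(defcustom example-services-file "/etc/services"
  "File consulted for service ports; nil disables the file lookup."
  :type '(choice (const :tag "None" nil) file)
  :group 'comm)

(defun example-parse-services (text)
  "Return an alist of (NAME . PORT) for the tcp entries in TEXT."
  (let (result)
    (with-temp-buffer
      (insert text)
      (goto-char (point-min))
      ;; Comment lines start with #, so the name pattern never matches them.
      (while (re-search-forward
              "^\\([^# \t\n]+\\)[ \t]+\\([0-9]+\\)/tcp" nil t)
        (push (cons (match-string 1) (string-to-number (match-string 2)))
              result)))
    (nreverse result)))

(defun example-service-port (service &optional overrides)
  "Resolve SERVICE, a port number or a service name, to a port number.
OVERRIDES, an alist, wins over the services file, which wins over
the bundled defaults.  Return nil if no source knows SERVICE."
  (cond
   ((integerp service) service)
   ((string-match-p "\\`[0-9]+\\'" service) (string-to-number service))
   (t
    (let ((from-file
           ;; A missing or unreadable file is not an error: fall through.
           (when (and example-services-file
                      (file-readable-p example-services-file))
             (example-parse-services
              (with-temp-buffer
                (insert-file-contents example-services-file)
                (buffer-string))))))
      (cdr (or (assoc service overrides)
               (assoc service from-file)
               (assoc service example-service-defaults)))))))

;; Constructed sample in /etc/services format, for trying the parser:
;; (example-parse-services "smtp\t25/tcp\tmail\n# note\nimaps 993/tcp\n")
```

Returning nil for an unknown name, rather than guessing, leaves it to the caller to decide whether to prompt for a port or refuse the connection.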

