[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: more on starttls, gnutls-cli and using tls for mail

From: Roland Winkler
Subject: Re: more on starttls, gnutls-cli and using tls for mail
Date: Sun, 14 Aug 2011 01:24:13 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

On Sat, Aug 13 2011, Karl Fogel wrote:
"T. V. Raman" <address@hidden> writes:
Also, if you ask smtpmail to save the security settings, it creates a world-readable .authinfo with the password stored in the clear --- looks like a bad idea on all counts.

I've been thinking that lately too. First, the fact that .authinfo is created world-readable just seems like a clear bug. Also easy to fix (sorry, I don't have patch, but I could come up with one if we all agree this is a straight bug).

See bug #9113. So yes, I agree that this is a bug. See also bug #7487 where some issues related to .authinfo were discussed: Under certain circumstances Gnus needed to repeatedly decrypt
~/.authinfo.gpg, which requires the gpg passphrase. Yet I do not find it
justified to make an unencrypted ~/.authinfo the default because of such
a nuisance. If at all, I believe it should be the other way round: the
default should be ~/.authinfo.gpg. If someone doesn't like that for
whatever reason, he or she can change that in the init file.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]