[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS for W32

From: Juanma Barranquero
Subject: Re: GnuTLS for W32
Date: Fri, 6 Jan 2012 05:11:47 +0100

On Fri, Jan 6, 2012 at 04:56, Óscar Fuentes <address@hidden> wrote:

> Then I'm misunderstanding. IIRC you said, more or less: "we are a source
> code shop and MS Windows is an exception because those users would have
> a hard time getting an Emacs running on their machines". I fully
> sympathize with the "we are a source code shop", but at the same time
> I'll like to remark that the rest is no longer true.

I don't know what causes your misunderstanding. I would prefer not to
distribute binaries, can accept distributing our own because they are
useful, dislike the idea of distributing other project's binaries
unless they are *strictly* required to run our Emacs binary.

> We are on emacs-devel, not on all-projects-devel.

You were the one talking about "source-only worlds".

> But now that you ask, yes, I'll appreciate that all projects would
> include a system for notifying me that its software is putting my
> machine at risk.

If GnuTLS has a security issue, I wouldn't say that Emacs puts my
machine at risk. GnuTLS does.

> The key here is to determine what the Right Thing is. Have you
> considered the possibility that some or most of those projects doesn't
> have the automatic notification not because they think it is a bad idea,
> but because some other reason?

Why the second guessing? I was told that almost all software packages
today did automatic upgrading, and I mentioned some that do not. I
don't know why they don't offer it, and neither do you.

> That's like saying that smoke detectors are unneeded because fires
> rarely occur, if at all, on most housings.

Nonsense. It's like saying that a smoke detector is not needed in this
particular house because it is built with fireproof materials and the
likelihood of a fire is almost zero.

Do you have an smoke detector in your home? I don't. I don't have a
fire extinguisher, either.

> You are sidetracking from my question by going back to the GnuTLS dll.

No, I'm not.

> I'm genuinely interested in your reasoning for rejecting an
> automatic notification system built into Emacs.

That's what I've answered.

> Something you can use to
> warn users that a problem was found that would pose a risk to their data
> (a security breach, data corruption, whatever). That's independent from
> how the user obtained its binary package.

There are zillions of ways their data could be lost. Are you going to
add a program to Emacs to test the hard drive for bad spots? That kind
of checks (updates, I mean, not the disk test tool ;-) instill false
security. It's like the people who has an AV installed and thinks that
it is protected because the AV software has not detected anything.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]