Re: GnuTLS for W32

From: Juanma Barranquero
Subject: Re: GnuTLS for W32
Date: Fri, 6 Jan 2012 15:35:44 +0100

2012/1/6 Ted Zlatanov <address@hidden>:

> The intention is to do whatever is appropriate on the platform to let
> the user know they need to update and make the update easy.

There's no single, general definition of "appropriate".

> I'm not.  The risk is not worth the effort with image libraries.

I don't understand why. Buffer overruns exploited through
carefully-crafted images have been used before. I would fear that (as
a vector for malware) much more than someone eavesdropping my

> You're ignoring the "deeply embedded" part.  Obviously external
> utilities are not able to compromise Emacs like internal C glue.  Can
> you stick to comparable components like the libxml2 glue?

See the image libraries comment above.

> If you don't think the package manager is important to our users, you've
> got your head stuck in the sand.

I don't know about "our" users, but it certainly is unimportant to many
Emacs users (starting with myself).

And, please, let's not turn this discussion into a description of the
relative positions of our respective heads or other body parts.

> I appreciate your attention to detail, but "need" is the verb I meant to
> write there.

I don't doubt it. My correction turned what you said into what I
believe is real.

> SSH clients are not extensible layout engines with embedded interpreters
> and flexible package managers.  As I keep saying, compare Emacs to
> Firefox and Chrome, not to `vim' or `ssh' and `grep'.  It hasn't been
> just an editor in a long while.  Eclipse is another good comparison
> point.

Compare it to Apache, which can be infinitely extended via external
modules and is mission-critical for so many businesses.

> That's oversimplifying the problem, but yes, this is the fundamental
> question.

You think it's an oversimplification, I think it's approaching it in a
realistic way.

> I was planning on that next.  How did you know?

With the head under the sand I had plenty of time to think, and I
started having premonitions.

> No, it's not like that at all.  Intrusion detection and security
> advisories are completely different things.

I thought it was evident I was not comparing situations, but
inadequate feelings of security.


