Re: bug#14380: 24.3; `network-stream-open-tls' fails in some imap servers on w32

[Ted Zlatanov]

On Mon, 20 May 2013 19:17:45 +0300 Eli Zaretskii <address@hidden> wrote: 

>> From: Ted Zlatanov <address@hidden>
>> Date: Mon, 20 May 2013 05:58:40 -0400
>> 
>> On Mon, 20 May 2013 04:08:57 +0200 Juanma Barranquero <address@hidden> 
>> wrote: 
>> 
JB> On Mon, May 20, 2013 at 1:05 AM, Ted Zlatanov <address@hidden> wrote:
>> >> It would mean changing the way Mac OS X and W32 Emacs
>> >> builds are distributed, to include the GnuTLS libraries with the build,
>> >> and we'd have to implement a way (perhaps through the ELPA) to
>> >> distribute updates to these libraries.
>> 
JB> Why would that be a good idea now if it wasn't seen as such before?
>> 
>> Because we've had years of experience supporting GnuTLS, we're moving to
>> GnuTLS 3.x soon

EZ> What do you mean by "moving to GnuTLS 3.x soon"?  For Windows users,
EZ> the recommended GnuTLS port is of v3.0.9; isn't that "3.x" already?

We use the 2.x API which works with 3.x.

>> [1] I also proposed the ELPA as the way to distribute GnuTLS updates.
>> There's a separate thread about signing ELPA packages which would let us
>> avoid using a broken GnuTLS to pull its own updates, but that's not
>> essential to my proposal.

EZ> Sorry, I'm confused: are you talking about securing Emacs or about
EZ> securing ELPA?  You mix these two (which are quite different issues
EZ> with very different implications) in ways that make it hard to
EZ> understand what are you saying.

There is nothing about securing Emacs itself here (that topic includes
secure credential storage and such, which are not relevant here).

I'm talking about two things:

1) distributing GnuTLS with Emacs and also distributing updates to it.

2) possibly using the ELPA to distribute the GnuTLS updates as a package
that's signed.

Ted