[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5

From: Ted Zlatanov
Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5
Date: Tue, 04 Feb 2014 08:07:16 -0500
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Mon, 03 Feb 2014 22:21:50 -0500 Stefan Monnier <address@hidden> wrote: 

>> 4) FFI is nice for proprietary products, but sub-optimal for free software

SM> Linking Emacs at compile-time with all the libraries someone might
SM> potentially want to use at some point, leads for example to a Debian
SM> package that depends on umpteen libraries.  It also forces people to
SM> come and lobby here for each one of those libraries since it can only be
SM> added to the core, thus slowing down the whole process.
SM> The current situation is a hindrance to Emacs development.  An FFI is
SM> not a panacea, of course, but it at least opens up new opportunities.

Encryption is not an optional feature, it's a part of the security model
(of which Emacs has very little, as a language and as a platform).
Without secure primitives we'll forever have the foregone conclusion
that the Lisp evaluator can't be secure.  In other words, it's really
hard to make software optionally secure.

So I'll argue that GnuTLS and its dependencies, libnettle+libhogweed,
should not be optional libraries.  Loosely coupling encryption
facilities to the Emacs core is an implicit security risk, however
stable the FFI.

As long as Stefan and others see encryption as "just another feature"
I'm afraid this is an argument I can't win, so I've agreed to wait for
FFI and help implement it.  But it bothers me very much.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]