[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
From: |
Stephen J. Turnbull |
Subject: |
Re: Bug#766395: emacs/gnus: Uses s_client to for SSL. |
Date: |
Wed, 29 Oct 2014 11:33:43 +0900 |
Perry E. Metzger writes:
> Name calling is pretty much always a bad idea in a rational
> discussion. It adds nothing. Defending it as though it were some
> valid form of argumentation is ridiculous.
OK. Have some valid argumentation:
So far I have seen "Perry E. Metzger <address@hidden>"
advocate nothing but extreme positions, often as slogans ("only
one mode, and that is secure"), without backing them up with the
relevant facts on *both* sides of the argument so that others can
judge "the balance" for themselves. Others, whose opinions I have
seen to be substantiated in the past, acknowledge that while there
is some justice to the central claim ("fallback to SSL3 is
dangerous"), there is also controversy among experts about how
serious the danger of SSL3 is in various contexts. Instead of
addressing that in the context of Emacs, he provides anecdotes
about unrelated systems, where the danger is obvious to any
layman, as evidence of how serious things *can* get, but is
unwilling to provide facts about the actual uptake of his
recommendations even in these extreme use cases, despite the fact
that the central vulnerability of his argument is that users will
choose to avoid upgrades because of the inconvenience of the
additional security. I see no reason at present to expect him to
provide balance in the future or account for other values such as
user inconvenience in making his assessments, and therefore
discount his recommendations in spite of his evident technical
expertise and experience.
I recommend to others that they be careful of accepting his policy
recommendations in this context despite his expertise, and demand
more careful argument than he has provided so far, as so far I
have seen only extreme policies appropriate for extreme use cases.
But the policies are not obviously appropriate for Emacs, and I
don't see a valid analogy to Emacs in the use cases.
All OK now, right?
N.B. As you have probably recognized, the above is argument ad
hominem, and does not directly address the issues involved. But that
form of argument is appropriate in this case, because the point is
that, despite your expertise, you haven't addressed them either.
Instead, you have relied on the fact of your expertise (argumentum ad
hominem itself!) and a few specious analogies, rather than the facts
of *this* case.
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., (continued)
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stefan Monnier, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Florian Weimer, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stefan Monnier, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.,
Stephen J. Turnbull <=
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/28
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Stephen J. Turnbull, 2014/10/29
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Perry E. Metzger, 2014/10/29
- Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Kurt Roeckx, 2014/10/23
Re: Bug#766395: emacs/gnus: Uses s_client to for SSL., Ted Zlatanov, 2014/10/24