[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.

From: Stephen J. Turnbull
Subject: Re: Bug#766395: emacs/gnus: Uses s_client to for SSL.
Date: Wed, 29 Oct 2014 11:33:43 +0900

Perry E. Metzger writes:

 > Name calling is pretty much always a bad idea in a rational
 > discussion.  It adds nothing. Defending it as though it were some
 > valid form of argumentation is ridiculous.

OK.  Have some valid argumentation:

    So far I have seen "Perry E. Metzger <address@hidden>"
    advocate nothing but extreme positions, often as slogans ("only
    one mode, and that is secure"), without backing them up with the
    relevant facts on *both* sides of the argument so that others can
    judge "the balance" for themselves.  Others, whose opinions I have
    seen to be substantiated in the past, acknowledge that while there
    is some justice to the central claim ("fallback to SSL3 is
    dangerous"), there is also controversy among experts about how
    serious the danger of SSL3 is in various contexts.  Instead of
    addressing that in the context of Emacs, he provides anecdotes
    about unrelated systems, where the danger is obvious to any
    layman, as evidence of how serious things *can* get, but is
    unwilling to provide facts about the actual uptake of his
    recommendations even in these extreme use cases, despite the fact
    that the central vulnerability of his argument is that users will
    choose to avoid upgrades because of the inconvenience of the
    additional security.  I see no reason at present to expect him to
    provide balance in the future or account for other values such as
    user inconvenience in making his assessments, and therefore
    discount his recommendations in spite of his evident technical
    expertise and experience.

    I recommend to others that they be careful of accepting his policy
    recommendations in this context despite his expertise, and demand
    more careful argument than he has provided so far, as so far I
    have seen only extreme policies appropriate for extreme use cases.
    But the policies are not obviously appropriate for Emacs, and I
    don't see a valid analogy to Emacs in the use cases.

All OK now, right?

N.B. As you have probably recognized, the above is argument ad
hominem, and does not directly address the issues involved.  But that
form of argument is appropriate in this case, because the point is
that, despite your expertise, you haven't addressed them either.
Instead, you have relied on the fact of your expertise (argumentum ad
hominem itself!) and a few specious analogies, rather than the facts
of *this* case.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]