[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master 91c732f: Always check for client-certificates

From: Dmitry Alexandrov
Subject: Re: master 91c732f: Always check for client-certificates
Date: Sat, 16 Nov 2019 10:07:52 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

address@hidden (Robert Pluim) wrote:
> branch: master
> commit 91c732f687a61ba130acf38d5142bec6369ebd68
> Author: Robert Pluim <address@hidden>
> Commit: Robert Pluim <address@hidden>
>     Always check for client-certificates
>     * lisp/net/network-stream.el
>     (network-stream-use-client-certificates): New user option.
>     (open-network-stream): If 'network-stream-use-client-certificates'
>     is t, and the user hasn't specified :client-certificate, do
>     certificate lookups via 'auth-source'.
>     (network-stream-certificate): Only return key and certificate
>     files that exist.

From userʼs point of view it means: M-x eww RET https://gnu.org or M-x 
list-packages or something else equally anonymous by nature may eventually 
request a passphrase to decrypt private GPG key (that one, which was used to 
encrypt ~/.authinfo.gpg), and fail if request is rejected.

Iʼm afraid, this deeply violates the principle of the least astonishment.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]