Re: Network Security Manager merge time?
From: Ivan Shmakov
Subject: Re: Network Security Manager merge time?
Date: Wed, 19 Nov 2014 20:00:36 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
>>>>> "TZ" == Ted Zlatanov <address@hidden> writes:
>>>>> On Wed, 19 Nov 2014 18:59:16 +0100 Lars Magne Ingebrigtsen wrote:
>>>>> Ted Zlatanov <address@hidden> writes:
TZ> I'd rather deprecate it in favor of `nsm-security-level',
TZ> especially if you're OK with the ability to set the level per host
TZ> or subnet, and per service. The `gnutls-verify-error' checks are
TZ> all 'medium I think.
LMI> I can imagine that some people would rather leave all this up to
LMI> gnutls...
TZ> As far as user-level customization, I'd rather not have multiple
TZ> variables. The checks will be done the same way, just based on
TZ> `network-security-level' instead of specific checkboxes like now.
I have gnutls-verify-error set in my ~/.emacs. After I upgrade
to an NSM-enabled Emacs, how exactly will it get mapped to the
NSM settings?
[…]
TZ> I was going to say it doesn't for me on Ubuntu, but apparently in
TZ> the last N months+years the default has changed quietly. So now I
TZ> have no idea how many of my known_hosts are for virtual machines or
TZ> other disposable SSH servers. Grrrrrrreat. Ah, here's why, from
TZ> the ssh_config man page:
TZ> Note that the Debian openssh-client package sets several options as
TZ> standard in /etc/ssh/ssh_config which are not the default in
TZ> ssh(1): ... · HashKnownHosts yes · GSSAPIAuthentication yes
I’m pretty sure that this setting was there for years. Why, the
earliest hashed ~/.ssh/known_hosts entries I’m able to find in
my backups right now date back to March, 2008.
TZ> I'll be disabling that one...
FWIW, I tend to have reservations when it comes to software
editing my configuration files on their own. Thus, I’ve ended
up making known_hosts read-only, and adding ssh-keyscan(1) data
to it manually as necessary.
--
FSF associate member #7257 np. Coming Home — Iron Maiden … B6A0 230E 334A
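
Added example, not part of the original message: with `HashKnownHosts yes`, each host field in known_hosts is stored as `|1|base64(salt)|base64(HMAC-SHA1(salt, name))`, so entries can only be identified by testing names you already suspect (`ssh-keygen -F` does this for one name at a time). The sketch below audits a file against a candidate list; the host names, addresses and key blob are constructed sample data.

```python
import base64, hashlib, hmac, os

def hash_host(host, salt=None):
    """Build the '|1|salt|mac' token OpenSSH stores for a hashed host name."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def matches(token, host):
    """True if the hashed token was derived from `host`."""
    parts = token.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt, stored = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    computed = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(computed, stored)

def audit(lines, candidates):
    """Return ({line_no: [names]}, [line numbers no candidate explains])."""
    identified, unknown = {}, []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        host_field = fields[0]
        if host_field.startswith("|1|"):   # hashed: try every candidate name
            names = [c for c in candidates if matches(host_field, c)]
        else:                              # plain: names are readable as-is
            names = host_field.split(",")
        if names:
            identified[n] = names
        else:
            unknown.append(n)
    return identified, unknown

# Constructed sample file; the key blob is a placeholder, not a real key.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyBlobNotReal"
SAMPLE = [
    hash_host("build.example.org") + " " + KEY,
    hash_host("192.0.2.10") + " " + KEY,
    hash_host("[vm-scratch.example.org]:2222") + " " + KEY,  # non-default port
    "git.example.org,198.51.100.7 " + KEY,
]
CANDIDATES = ["build.example.org", "192.0.2.10", "git.example.org"]

if __name__ == "__main__":
    found, unexplained = audit(SAMPLE, CANDIDATES)
    print("identified:", found)
    print("lines matching no candidate:", unexplained)
```

Entries for hosts on a non-default port are hashed in their `[host]:port` form, so a bare host name in the candidate list will not match them.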