[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#911
From: |
Stefan Monnier |
Subject: |
bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg |
Date: |
Thu, 26 Jan 2012 16:41:19 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux) |
SM> That might be a good option.
> It works fairly well but it's hacky, and can't be shared with other
> programs.
Indeed, it's a major downside.
> I'd like to implement it with libnettle at least, so it doesn't depend
> on the external gpg utility.
But that would make it work even less with other programs.
LI> Yes. But it will require the user to type in a password to get to the
LI> password. :-) And again, programs like Firefox defaults to storing the
LI> passwords in non-encrypted files, so I don't really see why Emacs should
LI> be more difficult to use than Firefox.
I don't know about you, but I don't let Firefox store my mailbox's
password. I have a lot of passwords stored in Firefox's database, but
they're all things I don't really care about (e.g. passwords to log into
some stupid web-forums).
SM> Another option (the better long-term option) is to use an external
SM> keychain service to handle these issues. That's what we should focus on
SM> for the "next time".
> Do you mean gpg-agent or the OS keychain?
I mean the keychain.
> Neither is available on all platforms consistently.
AFAIK all platforms have a keychain nowadays and it's the best place to
put sensitive passwords such as the ones used to access your IMAP server.
>>> IIRC for 23 the default was to keep the password for the current session
>>> and not to store it in any file at all. I think it's a better default
>>> than writing it in clear in some file, so at least for 24.1 reverting to
>>> the Emacs-23 default is very attractive.
LI> Well, Emacs 23 just made you write the .authinfo file by hand. Emacs 24
LI> prompts you for whether you want to store the password or not. If you
LI> don't want to, say "n".
Yes, I guess it's good enough.
> One possible flow:
> If the user says `y' then we can ask (if `auth-sources' is 'ask)
> "Do you want to keep your passwords in a GPG-encrypted file?"
> If they say `y' then set `auth-sources' to "~/.authinfo.gpg" and check
> that EPA/EPG are enabled. If GPG is not available, what do we do? Use
> libnettle? Or explain and pretend they said `n'?
If GPG is not available, ask a different question, as in "It will be
saved in cleartext, is that OK?"
Stefan
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Ted Zlatanov, 2012/01/25
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Stefan Monnier, 2012/01/25
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Ted Zlatanov, 2012/01/26
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Achim Gratz, 2012/01/26
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Ted Zlatanov, 2012/01/26
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg,
Stefan Monnier <=
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Lars Ingebrigtsen, 2012/01/30
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Stefan Monnier, 2012/01/30
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Lars Ingebrigtsen, 2012/01/30
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Michael Albinus, 2012/01/31
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Stefan Monnier, 2012/01/31
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Daiki Ueno, 2012/01/26
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Ted Zlatanov, 2012/01/27
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Daiki Ueno, 2012/01/29
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Lars Ingebrigtsen, 2012/01/30
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Chong Yidong, 2012/01/31