emacs-devel

Re: Moving files from lisp/gnus/ to lisp/net/?


From: Daiki Ueno
Subject: Re: Moving files from lisp/gnus/ to lisp/net/?
Date: Thu, 8 Nov 2007 09:46:38 +0900

2007/11/7, Richard Stallman <address@hidden>:
>     Even though read-passwd is not perfectly secure, it is far better than
>     password caching in elisp.  If read-passwd does password caching by
>     itself and the docstring says so, thoughtless programmers will tend to
>     use that feature in every case.  That will cause spreading insecure
>     code.
>
> I do not understand the argument you are making.  I was talking about
> two alternatives for writing the Lisp code: one function and two
> functions.  I don't know how to relate what you said to that choice.

I meant that the "two functions" approach is better than the "one
function" approach.  The rationales are:

(1) the current read-passwd is reasonably secure (since it clears
passphrase strings read as much as possible).

(2) passphrase caching in elisp inherently carries a risk of leaking
passphrases to disk.

(3) if read-passwd caches passphrases when the optional argument is
given, some people will misuse that new feature (perhaps by cutting and
pasting existing code) even though the docstring of read-passwd
explicitly states that behavior.

Regards,
-- 
Daiki Ueno
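
The "two functions" split argued for above, sketched as an added example that is not part of the original message and not code from Emacs or Gnus. Every `demo-` name and the 16-second expiry are hypothetical; only `read-passwd`, `clear-string`, `copy-sequence` and `run-at-time` are existing Emacs functions.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; all `demo-' names are hypothetical.

;; Function 1: no caching.  The passphrase exists only while FN runs.
(defun demo-call-with-passphrase (prompt fn)
  "Read a passphrase with PROMPT, call FN with it, then wipe it."
  (let ((pass (read-passwd prompt)))
    (unwind-protect
        (funcall fn pass)
      ;; Overwrite the string contents in place, even if FN signals an
      ;; error, so the secret does not wait for garbage collection.
      (clear-string pass))))

;; Function 2: caching is a separate, explicitly named entry point, so
;; a caller has to opt in by name instead of flipping an optional
;; argument on the non-caching function.
(defvar demo-passphrase-cache (make-hash-table :test #'equal)
  "Opt-in cache mapping a KEY string to a passphrase string.")

(defvar demo-passphrase-cache-expiry 16
  "Seconds a cached passphrase is kept (constructed value).")

(defun demo-passphrase-cache-remove (key)
  "Wipe and forget the passphrase cached under KEY."
  (let ((pass (gethash key demo-passphrase-cache)))
    (when (stringp pass)
      (clear-string pass))
    (remhash key demo-passphrase-cache)))

(defun demo-read-passphrase-cached (prompt key)
  "Return the passphrase for KEY, reading it with PROMPT on a miss.
The caller owns the returned string and should `clear-string' it."
  (let ((cached (gethash key demo-passphrase-cache)))
    (if cached
        ;; Hand out a copy so that the caller wiping its string does
        ;; not wipe the cached one.
        (copy-sequence cached)
      (let ((pass (read-passwd prompt)))
        ;; From here until expiry a second copy of the secret stays
        ;; alive in the Lisp heap; that longer lifetime is the cost
        ;; of opting in to this function.
        (puthash key (copy-sequence pass) demo-passphrase-cache)
        (run-at-time demo-passphrase-cache-expiry nil
                     #'demo-passphrase-cache-remove key)
        pass))))
```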



