bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg

From: Stefan Monnier
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Thu, 26 Jan 2012 12:28:47 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux) 
>>> The Emacs maintainers asked me to make the default unencrypted.  I don't
>>> think they will change their position.
SM> I can't remember exactly how we got there.  But I do agree that saving
SM> a password unencrypted by default is not a good idea.
> I don't recall exactly either.  But here's how we can proceed.  We have
> several options:
> 1) go back to authinfo.gpg as the first choice

I'm not sure what this means: how does it fix the problem, what other
consequences does it have?  E.g. will Emacs end up asking for my
password to read autoinfo.gpg even though the thing it's looking for is
not there?

> 2) use unencrypted authinfo with encrypted password tokens, which
>    looks like this:

> machine supertest password
> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=

That might be a good option.

> Additionally, we should decide if any of this is happening for 24.1.  I
> would really prefer to make the default more secure for 24.1.

IIRC for 23 the default was to keep the password for the current session
and not to store it in any file at all.  I think it's a better default
than writing it in clear in some file, so at least for 24.1 reverting to
the Emacs-23 default is very attractive.

Another option (the better long-term option) is to use an external
keychain service to handle these issues.  That's what we should focus on
for the "next time".


        Stefan
reply via email to
[Prev in Thread] Current Thread [Next in Thread]