bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg

[Ted Zlatanov]

On Tue, 31 Jan 2012 12:37:17 +0100 Michael Albinus <michael.albinus@gmx.de> 
wrote: 

MA> Ted Zlatanov <tzz@lifelogs.com> writes:
>> As a default, it seems that storing the credential data in a temporary
>> in-memory auth-source backend *by default* is the best solution.  

MA> You use already password-cache.el in auth-source.el. It could be made
MA> public by allowing a :cache entry in `auth-sources'.

OK.

>> Then on exit or on `auth-source-save', if there is something in the
>> in-memory backend, we can ask the user if he wants to save the passwords
>> and where, with all the consequent UI choices.  The user can pick a
>> plain file, or a plain file with password tokens, or a GPG-encrypted
>> file (with or without external support), or the platform's keychain
>> service, if available.  At that time the UI can modify `auth-sources'
>> for the user.

MA> Too complicate. If a user decides for cached passwords, she shouldn't be
MA> asked for saving. It is convenient enough to enter a password only once
MA> during a session.

I'm not convinced but it does make sense, and would make the experience
simpler for the user.  I've asked on the Gnus mailing list for opinions
and anyone interested can post them here too.

Ted