bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num


From: Paul Eggert
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Tue, 19 Jan 2016 09:38:23 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0

On 01/19/2016 09:03 AM, John Wiegley wrote:
What critical feature is GnuTLS buying for us that would make this worthwhile,
Paul?

There is nothing "critical" here. This is just a minor issue, one that has been blown all out of proportion. Using GnuTLS when available lessens use of system resources and simplifies auditing, but Emacs could get by without this minor bugfix-improvement.

why do we need a dependency on GnuTLS

There isn't a dependency on GnuTLS in the usual sense: that is, if GnuTLS is absent, the code still works as before. The only dependency is that we trust the GnuTLS library to work when it is present, and to report an error if one occurs. This is a reasonable assumption, both here and elsewhere in Emacs.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]