[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auth-source change default spec
From: |
Tim Cross |
Subject: |
Re: auth-source change default spec |
Date: |
Sat, 28 Apr 2012 18:46:21 +1000 |
P.S. I also forgot to mention. It looks like auth-source.el has
(require 'assoc)
which emacs tells me is an obsolete package. Should this be addressed
prior to emacs 24?
Tim
On 28 April 2012 10:45, Tim Cross <address@hidden> wrote:
> I've recently run into a minor problem with the auth-source library
> which I think is due to the default SPEC for auth-sources. I wanted
> some feedbak before logging a bug request and also wanted to make this
> possible issue visible asap given the need to get defaults sorted for
> the next release.
>
> The current default sorces spec (taken from recent emacs bzr sources) is
>
> ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
>
> I think it should be changed to have .authinfo.gpg first in the list.
> The reason is that if you already have a .authinfo.gpg file and then
> attempt to access a resource for which you don't yet have credentials
> and the search criteria specifies the :create option, because
> .authinfo is first, it will attempt to save the credentials in the
> .authinfo file and not .authinfo.gpg. If you have things configured to
> ask if you want to save (the default) it will ask if you want to save
> to .authinfo even when it is aware you have a .authinfo.gpg file. It
> does not appear to give you an option to change this. If you just
> accept the defaults and you do use .authinfo.gpg, things will break
> when you add new credentials because it will create a .authinfo file.
> Subsequent searches will never see the credentials you already have in
> your .authinfo.gpg file as the search stops it has found the .authinfo
> file.
>
> I also think that putting the GPG version first would encourage better
> practices. On many systems, especially GNU Linux, gpg will already be
> installed. I guess it may be an issue on other platforms, but still
> think it is better to go for the more secure solution as the default,
> even if that does create some additional work for those who don't want
> to bothwer with encryptiong and are happy with a less secure approach.
>
> If this is not acceptable, I think the auth-source library may need to
> be enhanced so that it defaults to the gpg version of the file for
> saving when it knows one already exists.
>
> Tim
>
>
> --
> Tim Cross
--
Tim Cross