emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth-source change default spec

From: Tim Cross
Subject: Re: auth-source change default spec
Date: Sat, 28 Apr 2012 18:46:21 +1000 
P.S. I also forgot to mention. It looks like auth-source.el has

(require 'assoc)

which emacs tells me is an obsolete package. Should this be addressed
prior to emacs 24?

Tim


On 28 April 2012 10:45, Tim Cross <address@hidden> wrote:
> I've recently run into a minor problem with the auth-source library
> which I think is due to the default SPEC for auth-sources. I wanted
> some feedbak before logging a bug request and also wanted to make this
> possible issue visible asap given the need to get defaults sorted for
> the next release.
>
> The current default sorces spec (taken from recent emacs bzr sources) is
>
> ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
>
> I think it should be changed to have .authinfo.gpg first in the list.
> The reason is that if you already have a .authinfo.gpg file and then
> attempt to access a resource for which you don't yet have credentials
> and the search criteria specifies the :create option, because
> .authinfo is first, it will attempt to save the credentials in the
> .authinfo file and not .authinfo.gpg. If you have things configured to
> ask if you want to save (the default) it will ask if you want to save
> to .authinfo even when it is aware you have a .authinfo.gpg file. It
> does not appear to give you an option to change this.  If you just
> accept the defaults and you do use .authinfo.gpg, things will break
> when you add new credentials because it will create a .authinfo file.
> Subsequent searches will never see the credentials you already have in
> your .authinfo.gpg file as the search stops it has found the .authinfo
> file.
>
> I also think that putting the GPG version first would encourage better
> practices. On many systems, especially GNU Linux, gpg will already be
> installed. I guess it may be an issue on other platforms, but still
> think it is better to go for the more secure solution as the default,
> even if that does create some additional work for those who don't want
> to bothwer with encryptiong and are happy with a less secure approach.
>
> If this is not acceptable, I think the auth-source library may need to
> be enhanced so that it defaults to the gpg version of the file for
> saving when it knows one already exists.
>
> Tim
>
>
> --
> Tim Cross



-- 
Tim Cross
reply via email to
[Prev in Thread] Current Thread [Next in Thread]