[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auth-source change default spec
From: |
Ted Zlatanov |
Subject: |
Re: auth-source change default spec |
Date: |
Mon, 30 Apr 2012 08:23:46 -0400 |
User-agent: |
Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.1.50 (gnu/linux) |
On Sat, 28 Apr 2012 10:45:37 +1000 Tim Cross <address@hidden> wrote:
TC> I've recently run into a minor problem with the auth-source library
TC> which I think is due to the default SPEC for auth-sources. I wanted
TC> some feedbak before logging a bug request and also wanted to make this
TC> possible issue visible asap given the need to get defaults sorted for
TC> the next release.
TC> The current default sorces spec (taken from recent emacs bzr sources) is
TC> ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
TC> I think it should be changed to have .authinfo.gpg first in the
TC> list.
Could you please read through Emacs bug #9113? It deals with this issue
at length.
http://comments.gmane.org/gmane.emacs.bugs/49377
I had the .gpg file first originally and would still like it to be
first, but the objections are quite reasonable.
TC> The reason is that if you already have a .authinfo.gpg file and then
TC> attempt to access a resource for which you don't yet have credentials
TC> and the search criteria specifies the :create option, because
TC> .authinfo is first, it will attempt to save the credentials in the
TC> .authinfo file and not .authinfo.gpg. If you have things configured to
TC> ask if you want to save (the default) it will ask if you want to save
TC> to .authinfo even when it is aware you have a .authinfo.gpg file. It
TC> does not appear to give you an option to change this. If you just
TC> accept the defaults and you do use .authinfo.gpg, things will break
TC> when you add new credentials because it will create a .authinfo
TC> file.
I don't think anything is broken. auth-source is simply respecting
`auth-sources' as it's supposed to. Preferring the second source
because of some attribute (e.g. "it has the .gpg extension") is much
worse in terms of usability.
TC> Subsequent searches will never see the credentials you already have in
TC> your .authinfo.gpg file as the search stops it has found the .authinfo
TC> file.
I think that's correct behavior (most `auth-source-search' calls pass
:max 1 to get this effect).
TC> If this is not acceptable, I think the auth-source library may need to
TC> be enhanced so that it defaults to the gpg version of the file for
TC> saving when it knows one already exists.
I think it's much, much simpler to just ask the user to put the .gpg
file first in `auth-sources'.
Ted