From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/75017 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.gnus.general Subject: Re: Streamlining first-time Gnus usage Date: Wed, 15 Dec 2010 09:31:15 -0600 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87r5djyrwc.fsf@lifelogs.com> References: <87tyiho54m.fsf@member.fsf.org> <87mxo9nz3u.fsf@netarch.haselwarter.org> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1292427186 10824 80.91.229.12 (15 Dec 2010 15:33:06 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Wed, 15 Dec 2010 15:33:06 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M23373@lists.math.uh.edu Wed Dec 15 16:33:02 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PStLh-0008IU-NE for ding-account@gmane.org; Wed, 15 Dec 2010 16:33:02 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1PStKO-00029d-BV; Wed, 15 Dec 2010 09:31:40 -0600 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1PStKN-00029U-5u for ding@lists.math.uh.edu; Wed, 15 Dec 2010 09:31:39 -0600 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1PStKI-0007is-35 for ding@lists.math.uh.edu; Wed, 15 Dec 2010 09:31:38 -0600 Original-Received: from lo.gmane.org ([80.91.229.12]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1PStKF-0002QK-Sv for ding@gnus.org; Wed, 15 Dec 2010 16:31:31 +0100 Original-Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1PStKF-0007PK-DO for ding@gnus.org; Wed, 15 Dec 2010 16:31:31 +0100 Original-Received: from 38.98.147.130 ([38.98.147.130]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 15 Dec 2010 16:31:31 +0100 Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 15 Dec 2010 16:31:31 +0100 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 30 Original-X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: 38.98.147.130 X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux) Cancel-Lock: sha1:ryXcbTztyGL/OkmjkI13VWpzkXc= X-Spam-Score: -0.7 (/) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:75017 Archived-At: On Mon, 13 Dec 2010 22:57:56 +0100 Lars Magne Ingebrigtsen wrote: LMI> Philipp Haselwarter writes: >> rot13+base64 encryption? Like, rot13+base64 instead of encryption? Don't >> get it :\ LMI> It's like a joke. >> Wouldn't that be what >> `epa-file-cache-passphrase-for-symmetric-encryption' is for? LMI> That caches the password for the file itself. (In plain text in-memory, LMI> by the way.) Nothing stored in Emacs' memory is reasonably secure (an attacker would need very little effort to compromise such secrets). The Secrets API is the only reasonable way to manage secrets so only some of them leak into Emacs. But we discussed secure tokens that are only accessible in special ways, right? Those could store their contents in a more secure way and at least mitigate the risks. A very common theme in the security literature, a theme which even rank amateurs like me can pick up, is that perfect security is impossible and the game is about trading risk mitigation for convenience. Emacs is currently 100% on the convenience side and thus full of security risks. I'm not sure that the Emacs community would welcome a move in the other direction. They may say so, but I would be suspicious even then. If they can't even get package namespaces together... Ted