From: Hallvard B Furuseth
Newsgroups: gmane.emacs.gnus.general
Subject: Re: no forced authinfo in 5.6.2?
Date: 20 Mar 1998 11:44:06 +0100
References: <199803161922.OAA28792@alderaan.gsfc.nasa.gov>
To: ding@gnus.org
In-Reply-To: "Edward J. Sabol"'s message of "Mon, 16 Mar 1998 14:22:42 -0500"

"Edward J. Sabol" writes:

>> If I have an authinfo password there, why would I want not to use it?
>
> I thought the same thing, but Lars convinced me otherwise:

Oh well.

> I think you miss the point. You *can* point gnus-authinfo-file to your
> ~/.netrc, but you don't *have* to.

Right. Good argument against the two points you quoted, but not
against the one you skipped:

* If the same machine has a trusted FTP maintainer and an untrusted
  (unknown/experimental/...) NNTP maintainer, and it has my FTP
  password in .netrc, then the NNTP maintainer can ask Gnus to send
  him my FTP password.

Users *will* copy setup files from more experienced users, or choose
options that feel nifty, without reading up the details about each
option. A program should *not* offer nifty-looking security holes
like this, unless it makes sure to throw a warning in his face.
Require him to put `macdef no-nntp-security-warnings' in ~/.netrc to
shut it up, or something. Presumably he won't copy another user's
.netrc :-)

>> Maybe this format will fix it:
>>
>>   machine some.server login hbf password ftppassword
>>   machine nntp/some.server login hbf password newspassword
>
> Yuck.

Yup. But it's the least ugly way to handle authinfo-file=~/.netrc
I can think of.

-- 
Hallvard
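
The service-scoped entry format proposed in the message above, as an added example that is not part of the original post and is not Gnus code: a host-only lookup hands the FTP password to whoever asks for NNTP authentication on the same machine, while a lookup restricted to `nntp/<host>` entries does not. The function names, the sample file, and the no-fallback rule are assumptions made for illustration.

```python
"""Added example: host-only vs. service-scoped lookup in a .netrc-style file."""

# Constructed sample, using the two-entry format quoted in the message
# plus one host that has only an FTP entry.
SAMPLE_NETRC = """\
machine some.server login hbf password ftppassword
machine nntp/some.server login hbf password newspassword
machine other.server login hbf password otherftp
"""


def parse_netrc(text):
    """Return {machine: {"login": ..., "password": ...}}.

    Handles only the machine/login/password keywords; anything else
    (macdef, default, account) is skipped.
    """
    tokens = text.split()
    entries, current, i = {}, None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine" and i + 1 < len(tokens):
            current = entries.setdefault(tokens[i + 1], {})
            i += 2
        elif tok in ("login", "password") and current is not None and i + 1 < len(tokens):
            current[tok] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return entries


def lookup_by_host(entries, host):
    """Host-only lookup: the behaviour the message warns about."""
    return entries.get(host)


def lookup_for_nntp(entries, host):
    """Scoped lookup (hypothetical helper): only nntp/<host> is eligible.

    There is deliberately no fallback to the bare host entry, so a host
    with only an FTP password yields nothing for NNTP.
    """
    return entries.get("nntp/" + host)


if __name__ == "__main__":
    entries = parse_netrc(SAMPLE_NETRC)
    print("host-only  :", lookup_by_host(entries, "some.server"))
    print("nntp scoped:", lookup_for_nntp(entries, "some.server"))
    print("nntp, FTP-only host:", lookup_for_nntp(entries, "other.server"))
```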