bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#26102: movemail can't connect mail server


From: Eli Zaretskii
Subject: bug#26102: movemail can't connect mail server
Date: Thu, 16 Mar 2017 17:31:22 +0200

> Cc: hengaini2055@qq.com, 26102@debbugs.gnu.org
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Wed, 15 Mar 2017 15:48:50 -0700
> 
>     I'm against removing features for no good reason.
> 
> Sure, but there is a good reason here: Emacs movemail supports only 
> unencrypted POP3 connections, which has real security problems in typical 
> network environments today.

Which is why Rmail prefers Mailutils, if installed.

> Also, as can be seen earlier in this thread, having two 'movemail' commands 
> confuses users and can trip them up.

As I wrote elsewhere, the confusion which started this thread has
nothing to do with how many movemail's and of which origin are
installed.  The cockpit errors in the command line would have failed
with any version of movemail.  Moreover, AFAIK there's no Windows port
of GNU Mailutils, so no way to have more than one version of movemail
on that OS, for which the bug was filed.

> I take your point that there is a backwards-compatibility argument for 
> installing a movemail program that converts mailboxes from system format to 
> Emacs format, when GNU Mailutils is not available. However, we should not 
> distribute a movemail program that encourages users to read their mail 
> unencrypted over a network -- although that may have been OK in the 1980s 
> when POP support was added to movemail, it's a grave disservice to users in 
> typical environments today.

It's not a disservice.  No one forces users to use this version, let
alone encourages them.  Quite the contrary.

> Attached are two proposed patches to try to improve the current situation. 
> The first removes unencrypted POP3 support from Emacs movemail, as it's a 
> significant security blunder to insist on unencrypted network connections 
> these days. The second changes the Emacs build procedure so that there is a 
> configure-time option for whether to install the substitute 'movemail' 
> program instead of relying on GNU Mailutils 'movemail'; the idea is to let 
> distributors decide whether to make GNU Mailutils be a prerequisite for 
> reading email in Emacs.

Both patches, as proposed, are too drastic.  I could agree to the
second one, provided that the default is changed to build and install
our movemail -- this will let distributors decide whether to install
it or not, while keeping backward compatibility.  (The NEWS part of
your patch should then be changed accordingly.)

Thanks.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]