[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#15905: 24.3; url-copy-file sometimes silently downloads garbage or i

From: Live System User
Subject: bug#15905: 24.3; url-copy-file sometimes silently downloads garbage or incomplete file
Date: Mon, 22 Feb 2016 13:45:54 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Lars Magne Ingebrigtsen <address@hidden> writes:

> John Wiegley <address@hidden> writes:
>> Lars, what is the argument for rejecting external TLS programs, for and
>> against?
> I don't know what the pro argument is.

One of the pro arguments, of course, is choice.

> The argument against is that using external programs doesn't go through
> the Emacs network security manager, and TLS validation either has to be
> switched off ("--insecure") or switched on for all connections.  Which
> is, of course, unacceptable.

You can use certificates with the -CApath argument to OpenSSL just like
GnuTLS uses trustfiles -- it doesn't have to be all or nothing.

I'm not suggesting that the ("--insecure") switch be the default but why
actively prevent users from using OpenSSL or any other external SSL/TLS
program if they choose to do so and go through the trouble of setting
it up for themselves?

No one is against having internal GnuTLS and NSM facilities as a
convenience and a security feature enabled and setup for users as
the default environment.

But please reconsider removing choice for users.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]