[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#15905: 24.3; url-copy-file sometimes silently downloads garbage or i
|
From: |
Live System User |
|
Subject: |
bug#15905: 24.3; url-copy-file sometimes silently downloads garbage or incomplete file |
|
Date: |
Mon, 22 Feb 2016 13:45:54 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> John Wiegley <jwiegley@gmail.com> writes:
>
>> Lars, what is the argument for rejecting external TLS programs, for and
>> against?
>
> I don't know what the pro argument is.
One of the pro arguments, of course, is choice.
>
> The argument against is that using external programs doesn't go through
> the Emacs network security manager, and TLS validation either has to be
> switched off ("--insecure") or switched on for all connections. Which
> is, of course, unacceptable.
You can use certificates with the -CApath argument to OpenSSL just like
GnuTLS uses trustfiles -- it doesn't have to be all or nothing.
I'm not suggesting that the ("--insecure") switch be the default but why
actively prevent users from using OpenSSL or any other external SSL/TLS
program if they choose to do so and go through the trouble of setting
it up for themselves?
No one is against having internal GnuTLS and NSM facilities as a
convenience and a security feature enabled and setup for users as
the default environment.
But please reconsider removing choice for users.
Thanks.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#15905: 24.3; url-copy-file sometimes silently downloads garbage or incomplete file,
Live System User <=