List Info

Thread: Re: Moving files from lisp/gnus/ to lisp/net/?
Re: Moving files from lisp/gnus/ to lisp/net/?
user name
 2007-11-06 08:01:14 
2007/11/6, Richard Stallman <rmsgnu.org>:

>     The existing `read-passwd' API is not suitable for
password.el, because
>     each password needs to be associated with an
application-dependent
>     'key'.  There is no parameter for that in
`read-passwd'.  Do you think
>     it is worth adding one?
>
> I see no harm in adding one.  Adding it at the end
would avoid
> incompatibility.
>
>     Alternatively, and what I consider the best idea
(but it was some time
>     since this was discussed and I may very well have
forgotten some
>     important point): let's make `read-passwd' a more
lower-level primitive,
>     used by `password-read'.
>
> All else being equal, I'd rather avoid adding another
level of function
> calling.  It increases the total complexity, and I
don't see any benefit.
> What is the benefit here?

Even though read-passwd is not perfectly secure, it is far
better than
password caching in elisp.  If read-passwd does password
caching by
itself and the docstring says so, thoughtless programmers
will tend to
use that feature in every case.  That will cause spreading
insecure
code.

So I like the latter idea, or rather to let password-read
have longer
name like password-read-and-cache.

Regards,
-- 
Daiki Ueno


_______________________________________________
Emacs-devel mailing list
Emacs-develgnu.org
htt
p://lists.gnu.org/mailman/listinfo/emacs-devel
Re: Moving files from lisp/gnus/ to lisp/net/?
country flaguser name
United States		 2007-11-07 01:55:39 
    > All else being equal, I'd rather avoid adding
another level of function
    > calling.  It increases the total complexity, and I
don't see any benefit.
    > What is the benefit here?

    Even though read-passwd is not perfectly secure, it is
far better than
    password caching in elisp.  If read-passwd does password
caching by
    itself and the docstring says so, thoughtless
programmers will tend to
    use that feature in every case.  That will cause
spreading insecure
    code.

I do not understand the argument you are making.  I was
talking about
two alternatives for writing the Lisp code: one function and
two
functions.  I don't know how to relate what you said to that
choice.


_______________________________________________
Emacs-devel mailing list
Emacs-develgnu.org
htt
p://lists.gnu.org/mailman/listinfo/emacs-devel
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )