[1]Emacs Security | Irreal:
If you follow the [2]Emacs-Devel list, even in a desultory way, you
probably noticed the [3]long thread going back to June concerning
Emacs' insecure usage of TLS and what it means for Emacs users.
[4]LWN.net has a nice article that [5]summarizes the discussion.
At first, the problem seemed straightforward and the solution
relatively simple but as usual with complicated software-especially
software performing a security function-things turned out to be more
difficult than they originally appeared.
You should read the article to get the whole story but the TL;DR is
that if you use Emacs to browse the Web and you live in a country
where, as RMS put it, there are thugs with torture chambers spying
on you, you should be very concerned. For most of us, there doesn't
appear to be as much danger, although there is still some threat. In
any event, a consensus, more or less, was reached and changes will
probably appear in Emacs 27.
I don't want to re-open this particular issue but I would like the
maintainers to err on the side of privacy. No one these days needs to
play the dictator card. We're all being monitored, so some measures
need to be the default.
While parts of Emacs 27 [6]I dread, I look forward to seeing how this
develops.
Also on:
[7]Twitter
__________________________________________________________________
My original entry is here: [8]Emacs Security | Irreal. It posted Sun,
04 Nov 2018 07:29:22 +0000.
Filed under: emacs,
References
1.
http://irreal.org/blog/?p=7579
2.
http://lists.gnu.org/archive/html/emacs-devel/
3.
http://lists.gnu.org/archive/html/emacs-devel/2018-06/msg00718.html
4.
https://lwn.net/
5.
https://lwn.net/Articles/759370/
6.
https://lists.gnu.org/archive/html/emacs-devel/2018-01/msg00737.html
7.
https://twitter.com/prjorgensen/status/1058985493684215808
8.
https://www.prjorgensen.com/?p=2226
