On 2017-09-09 Lev Lamberov <dogs...@debian.org> wrote: > Сб 09 сен 2017 @ 12:56 David Bremner <da...@tethera.net>: >> Lev Lamberov <dogs...@debian.org> writes: >>> I'd like to rise again the reporter concern [0] about availability of >>> pinentry-emacs in Debian, because I'd be very-very happy to see it >>> there. The support of pinentry-emacs is required for the pinentry Emacs >>> pacakge [1]. I've read the thread (and also looked through cited >>> upstream issues), but was not able to find any conclusion on the issue.
>> I'm not very convinced by the argument (on the upstream bug) that using >> emacs for pinentry is no riskier than pinentry-gtk2. >> >> - the vast majority of emacs users that I interact with use software >> from outside elpa.gnu.org, so I don't think any security standards for >> elpa (supposing we grant that those are real) provide much >> comfort. >> >> - I can't evaluate the effectiveness of the various OS level protections >> against ptrace, but at least some exist. The emacs memory model is >> extremely simple: every "application" has read/write access to every >> other "application"'s memory. There might be some clever things that >> can be done, but I suspect the very features that make emacs so >> extensible mean there are many many attack vectors (how about just >> redefining or advising read-passwd?). >> >> - Several popular packages for emacs are network facing (e.g. irc >> clients). This means that in principle users are exposed to remote >> attacks. Imagine we integrated an IRC client into pinentry-gtk2. > OK, I see your point and convinced with your argument. Thank you very > much for your input! Good morning, I am now closing this bug report. Quoting https://dev.gnupg.org/T6909 | pinentry-emacs is obsolete. It's for older Emacs (<= 25, IIUC) which had | lisp/pinentry.el. For Emacs 26 and newer, we can simply use | epa-pinentry-mode having the value of loopback. | | Emacs 26 was released in May 2018. We could drop pinentry-emacs from | next release of pinentry. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
