Emacs Security | Irreal:

If you follow the Emacs-Devel list, even in a desultory way, you probably noticed the long thread going back to June concerning Emacs' insecure usage of TLS and what it means for Emacs users. LWN.net has a nice article that summarizes the discussion.

At first, the problem seemed straightforward and the solution relatively simple but as usual with complicated software (especially software performing a security function) things turned out to be more difficult than they originally appeared.

You should read the article to get the whole story but the TL;DR is that if you use Emacs to browse the Web and you live in a country where, as RMS put it, there are thugs with torture chambers spying on you, you should be very concerned. For most of us, there doesn't appear to be as much danger, although there is still some threat. In any event, a consensus, more or less, was reached and changes will probably appear in Emacs 27.

I don't want to re-open this particular issue but I would like the maintainers to err on the side of privacy. No one these days needs to play the dictator card. We're all being monitored, so some measures need to be the default.

While parts of Emacs 27 I dread, I look forward to seeing how this develops.

My original entry is here: Emacs Security | Irreal. It posted Sun, 04 Nov 2018 07:29:22 +0000.
