[$] Emacs & TLS

Post Syndicated from jake original https://lwn.net/Articles/759370/rss

A recent query about the status of network security (TLS settings in
particular) in
Emacs led to a long thread in the emacs-devel mailing list. That thread
touched on a number of different areas, including using OpenSSL (or other
TLS libraries) rather than
GnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings could
change for Emacs so as not to discombobulate users. The latter issue is
one that lots of projects struggle with: what kinds of changes are
appropriate for a bug-fix release versus a feature release. For Emacs, its
lengthy development cycle, coupled with the perceived urgency of
security changes, makes that question even more difficult.