From: Jean Louis
Newsgroups: gmane.emacs.devel
Subject: Re: Proposal for an Emacs User Survey
Date: Sun, 18 Oct 2020 08:49:36 +0300
Message-ID: <20201018054936.GB9782@protected.rcdrun.com>
To: Richard Stallman
Cc: mve1@runbox.com, dgutov@yandex.ru, thibaut.verron@gmail.com, emacs-devel@gnu.org

* Richard Stallman [2020-10-18 07:17]:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> 1. Looking for free password managers on GNU/Linux makes sense,
> and perhaps developing another would be useful.

There are many password managers as free software, including those
that work on various operating systems and mobile devices.

There is the GNU password manager:
https://www.gnu.org/software/gnu-pw-mgr/

There are GUI password managers in GNOME and KDE, there is the
cross-platform keepass, and many others:

pass - lightweight directory-based password manager
passwordsafe - Simple & Secure Password Management
qtpass - GUI for password manager pass
gnome-pass-search-provider - GNOME Shell search provider for the pass password manager
impass - Simple and secure password management and retrieval system
ylva - command line password manager

What the proprietary software lastpass does is provide an online cloud
service for people to store passwords so that they are accessible from
various devices. Maybe 60 million people use that software.

As I am not of the opinion that passwords should be stored online, I
will not say that such software is necessary. Other people will argue
it is necessary.

Additionally, there are password management packages for Emacs out
there that do not use proprietary software.

There is the Syncthing free software package that can synchronize
files across devices; it could also synchronize passwords; it would
not be well integrated.

> 2. If and when the free password managers are miles above lastpass, it
> could happen that no one has a rational use for lastpass except due to
> habit.

There is no rational use in storing passwords at a centralized server
by using proprietary software, as one cannot know exactly how they
encrypt those passwords, nor are the management of their server and
breaches of security transparent.

What can make sense in the free software world is a cross-platform
password manager that users can host on their own server while knowing
what type of encryption is used there.

> If and when that happens, perhaps people could modify the Lisp package
> for using lastpass so that it clearly informs users, that lastpass is
> not worth even trying and they should instead try the free password
> managers X, Y, Z.

That is a good idea; MELPA can be replicated and some packages could
be automated to be made unusable with such a warning.

> 3. Once that change is, perhaps that Lisp package would be so unlikely
> to lead anyone to use lastpass that we would have no reason to worry
> about informing users about its existence. In particular, it would
> not be a flaw in MELPA that MELPA contains it.

It would not be a flaw if the package author would agree with you. The
fact that the package author made the package shows that there is a
difference of opinion, so it cannot work that way. It can only work by
a third party that is not MELPA duplicating MELPA and offering it in a
safe way to users.

> 5. If someday MELPA contains no programs that might lead users
> to use a nonfree program, another one might be added at any time.
> As long as the MELPA maintainers say it is ok to add such packages,
> we have to suppose that more such packages may be added.

That is right, exactly that is the problem: they consider that if a
software package is GNU GPL, that is enough, regardless of whether the
package is subjugating the user.

What I consider the larger problem at hand is that MELPA is developed
on GitHub; Emacs package contributors have to use nonfree JavaScript
to become developers, and they all bind themselves to a centralized
development system held by Microsoft.