From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: gmail+imap+smtp (oauth2) Date: Sun, 08 May 2022 19:35:32 -0400 Message-ID: References: <871qxbdulc.fsf@mat.ucm.es> <877d72nf3h.fsf@gmail.com> <87v8ul4ad4.fsf@gmail.com> <87r157qcta.fsf@logand.com> <87wneyc6zu.fsf@gmail.com> Reply-To: rms@gnu.org Content-Type: text/plain; charset=Utf-8 Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="14973"; mail-complaints-to="usenet@ciao.gmane.io" Cc: tom@logand.com, fitzsim@fitzsim.org, jostein@kjonigsen.net, emacs-devel@gnu.org To: Tim Cross Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon May 09 01:36:35 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nnqS2-0003gv-MP for ged-emacs-devel@m.gmane-mx.org; Mon, 09 May 2022 01:36:34 +0200 Original-Received: from localhost ([::1]:36574 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nnqS1-0005BV-EI for ged-emacs-devel@m.gmane-mx.org; Sun, 08 May 2022 19:36:33 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36026) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nnqR4-0003Vg-Ny for emacs-devel@gnu.org; Sun, 08 May 2022 19:35:34 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:40890) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nnqR3-0003XR-9M; Sun, 08 May 2022 19:35:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=Date:References:Subject:In-Reply-To:To:From: mime-version; bh=w3PW9cJCae2y5Sw/rkDobt/ebts2Uaesu5QmDyXKEYM=; b=Es4DdY4PeygK stl4pFJkdGSE25FVCfpHGS7P0GdickjXl+ftVSd533PHefAq5Tt2Hth1I6aX15UjOpWHP5uZr8Zx2 D3ImSPrblbq6doVkj4z/x5z2EFc+TRvZIitUZy+mWQB5Bg6EvlNjY859cD+4RAo6Yucl6rXsKrpEa 8rOQWwowZxKTAFKT+adKNweBLrpWt1Ktuwniy75vP7Tyir9Q7gS5qCYdeZ+PjpwMQg7FAsEHWQBck mSGllYjLrkxcZdlI8fuQxIhmp/AO5rcECkEFdM970KZcziBJRCmn0bGvInwjrr/kl4/oPhdli058H /Y18ksvqjWHpybEo0PD/YA==; Original-Received: from rms by fencepost.gnu.org with local (Exim 4.90_1) (envelope-from ) id 1nnqR2-0005Vc-PG; Sun, 08 May 2022 19:35:32 -0400 In-Reply-To: <87wneyc6zu.fsf@gmail.com> (message from Tim Cross on Sat, 07 May 2022 13:22:33 +1000) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:289502 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] Thanks very much for spelling out the whole situation clearly. (Where does TOTP fit into this picture?) > At this stage, I do not know of any way to create/register a google > account which does not require Javascript and the status of that > javascript is unknown, but can be expected to be non-free. Once you have > created an account, the only way to access your account 'settings' page > is to login to the Google site, again requiring use of non-free > javascript. This is an injustice, of course. It is one reason to refuse to use Gmail. It may be possible to write free replacement Javascript code and use that instead. But it doesn't pertain to Emacs in particular, so we don't need to go into it here. In case a school demands you have a Gmail account, it would be useful if we had instructions to send to the staff, saying, "You may create the account, choose a password, and tell it to me. (Since it will only be for email to and from the school, it makes no difference to me that school staff will know the password.) Please choose an account name with no resemblance to my name. Please set the account settings as follows so that my software can access the account." > Google has started enforcing 2FA (now mandatory on all new accounts). If 2FA is enabled, in which situations does the user have to do the 2FA procedure? And how many times? Only once, for setup -- or repeatedly? This, I think, is where the possibility of using hardware keys such as the Yubikey, is pertinent, > Personally, I think the thunderbird position is the right one. It > minimises the need to use non-free software and I think it is unlikely > Google will cancel their application ID. Even if they do, all the user > then needs to do is setup application passwords and use them. I tend to agree, except that the FSF can't do it by making a contract with Google that we intend not to keep. > What might be good is if the FSF could get clarification from Google > regarding the T&C requirements for application ID. Actually I doubt that Google would respond. Also, > There are some risks associated with requesting clarification. If google > comes back and categorically states the application ID cannot be > embedded in *a free* program that is a cogent reason not to ask, (We shun the term "open source" because it implies rejection of our moral stance. Likewise the term "closed source", which also rejects it. See https://gnu.org/philosophy/open-source-misses-the-point.html.) -- Dr Richard Stallman (https://stallman.org) Chief GNUisance of the GNU Project (https://gnu.org) Founder, Free Software Foundation (https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)