From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: gmail+imap+smtp (oauth2)
Date: Fri, 06 May 2022 08:46:01 -0400
Message-ID: <jwvee16al40.fsf-monnier+emacs@gnu.org>
References: <ed5b8ef5-439f-d0c4-0854-0198b90d9ea5@secure.kjonigsen.net>
 <87k0b2tkg1.fsf@mat.ucm.es> <87zgjx4qhs.fsf@gmail.com>
 <87bkwcgmr3.fsf@mat.ucm.es> <m2pmkst729.fsf@fastmail.fm>
 <87levfzqj2.fsf@yale.edu> <871qx7scvi.fsf@gmail.com>
 <87v8ujqec5.fsf@logand.com> <87ee172fjz.fsf@gmail.com>
 <jwvczgqc2r5.fsf-monnier+emacs@gnu.org> <YnUOc+Fl4Ggvymxa@tuxteam.de>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="14780"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)
Cc: emacs-devel@gnu.org
To: <tomas@tuxteam.de>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri May 06 14:47:34 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1nmxMs-0003Xg-9l
	for ged-emacs-devel@m.gmane-mx.org; Fri, 06 May 2022 14:47:34 +0200
Original-Received: from localhost ([::1]:51534 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1nmxMq-0001k7-UF
	for ged-emacs-devel@m.gmane-mx.org; Fri, 06 May 2022 08:47:32 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:48616)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <monnier@iro.umontreal.ca>)
 id 1nmxLa-0008QW-V4
 for emacs-devel@gnu.org; Fri, 06 May 2022 08:46:15 -0400
Original-Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:37306)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <monnier@iro.umontreal.ca>)
 id 1nmxLU-0002Dn-Py
 for emacs-devel@gnu.org; Fri, 06 May 2022 08:46:10 -0400
Original-Received: from pmg1.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id ED5A310029F;
 Fri,  6 May 2022 08:46:05 -0400 (EDT)
Original-Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id EEA2610012C;
 Fri,  6 May 2022 08:46:03 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1651841163;
 bh=xryBFEN3WVnpki5IO/5jiE+38IbNCezm/AZDoIwB7mI=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=B3ji0YIcFbaVyUxDYZmEKYGDUtFgSRJrSh+9kjfzRNKLhacOyulqKJk623eO5RZUk
 SUEIHSRv0GyuYsKdhf95upVY6kzooZiQIdxt6TLYbK1SJccV/QhRgeb1zyS20Q8n1X
 az4S/8LmyExSn3lC9bOq8HcezpoJ42U/4bIG4jz0vQCVrh9sCt8bumQe9raStkPLPq
 rQBMudF5CGbVTVrwXdVxMF/TeYZ5gyyQ5PEE5cOZ1C+ptwj/pvA1/AwNl3NskdE2wt
 9s844BaS6tsxNTp3jyMlNzcWtS8SM2RmxV1okg2Vwpo38S87+XFwxBXqExQ+ew4T4e
 4rEvs7I/WKRzQ==
Original-Received: from pastel (unknown [45.72.221.51])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id C7BE01204CC;
 Fri,  6 May 2022 08:46:03 -0400 (EDT)
In-Reply-To: <YnUOc+Fl4Ggvymxa@tuxteam.de> (tomas@tuxteam.de's message of
 "Fri, 6 May 2022 14:02:59 +0200")
Received-SPF: pass client-ip=132.204.25.50;
 envelope-from=monnier@iro.umontreal.ca; helo=mailscanner.iro.umontreal.ca
X-Spam_score_int: -42
X-Spam_score: -4.3
X-Spam_bar: ----
X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:289316
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/289316>

> We know.  They know.  We know they know.  They know we know they know.
> We've been down this drm-keys-embedded-in-application tango so many
> times already-
>
> Now someone explain to me: why do they nevertheless do it?

Regardless of this "why", I think what it means is that it's perfectly
OK to use it in Free Software, with the "secret" key in plain sight.

I think from Google's point of view all it means is that we're more
prone to DoS attacks where someone abuses the "secret" key causing
Google to revoke the key.  Google won't suffer from it, we will, so they
don't care.


        Stefan