From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.devel Subject: Re: Proposal for an Emacs User Survey Date: Sat, 17 Oct 2020 08:44:46 +0300 Message-ID: <20201017054446.GW11061@protected.rcdrun.com> References: <20201016142436.187b8210@argon> <20201016152523.6fdfef65@argon> <6142a27f-c53b-35bf-1038-5f047395e868@yandex.ru> <20201016204531.77fab05b@argon> <725aa7c4-321f-4483-5a21-a148ff7f119b@yandex.ru> <20201016213312.603595fe@argon> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="33211"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/1.14.0 (2020-05-02) Cc: mve1@runbox.com, Dmitry Gutov , Richard Stallman , emacs-devel To: Thibaut Verron Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Oct 17 07:45:34 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kTf26-0008XK-5s for ged-emacs-devel@m.gmane-mx.org; Sat, 17 Oct 2020 07:45:34 +0200 Original-Received: from localhost ([::1]:38694 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kTf25-0000qf-2m for ged-emacs-devel@m.gmane-mx.org; Sat, 17 Oct 2020 01:45:33 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:53114) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kTf1X-0000QX-Tb for emacs-devel@gnu.org; Sat, 17 Oct 2020 01:44:59 -0400 Original-Received: from static.rcdrun.com ([95.85.24.50]:52249) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kTf1V-0007M0-8u; Sat, 17 Oct 2020 01:44:59 -0400 Original-Received: from localhost ([::ffff:41.210.154.50]) (AUTH: PLAIN admin, TLS: TLS1.2,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by static.rcdrun.com with ESMTPSA id 00000000002A0B3E.000000005F8A84D6.000043BB; Sat, 17 Oct 2020 05:44:53 +0000 Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=95.85.24.50; envelope-from=bugs@gnu.support; helo=static.rcdrun.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/17 01:07:20 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:257913 Archived-At: * Thibaut Verron [2020-10-17 07:50]: > I gave my reasons above. It's not just about "helping users", it's > about helping them move more of their activities to the free world. > Those packages (helm-lastpass, lastpass) are helping users who already > use lastpass at the moment do exactly that. > > > Nonfree > > software is an injustice -- nonfree software subjugates users. > > Our goal is to _eradicate it_. > > Again, the same question: by arranging for links to such software to > be removed everywhere? Or by offering free alternatives? > > Incidentally, I see a lot of effort so far discussing how evil > helm-lastpass and lastpass are, and how to get them moved to obscure > parts of the internet. What I don't see is efforts discussing free > alternatives. There are many password managers in any GNU/Linux system, including, I am sure, and there are cross platform free software password managers such as keepass, then there are packages that can manage passwords with Emacs only, those may not be well integrated, then both KDE/Gnome have their password managers, each browser has it password managers. Especially when we are talking about subject of password management, advising GNU Emacs users to keep their passwords online in a cloud, managed by proprietary software is very wrong. Thus there is no alternative to free software. >From Wikipedia: https://en.wikipedia.org/wiki/LastPass https://en.wikipedia.org/wiki/LastPass#2011_security_incident https://en.wikipedia.org/wiki/LastPass#2015_security_breach https://en.wikipedia.org/wiki/LastPass#2016_security_incidents https://en.wikipedia.org/wiki/LastPass#2017_security_incidents https://en.wikipedia.org/wiki/LastPass#2019_security_incidents Those are only publicly announced security incidents. How many there are not announced? In that sense, knowing the background of the insecurities at the company producing proprietary software, the package lastpass for Emacs and helm-lastpass is only helping that company subjugates users to keep their passwords online and sooner or later abuse Emacs users. My system of keeping passwords is the file .passwords which is stored on encrypted partition. It is appendable only file by using chattr +a, and Emacs asks me for host name, username, email, etc. and it generates password which is appeneded to a file. Other simple function is grepping and finding list of passwords. It would be disaster to keep my 4362 passwords online, unsaid of keeping it in some cloud with a company known for security incidents. At MELPA bug tracking, or Github issue tracker, the issue is closed, there was no question if the package "lastpass" is driving users to insecurities, issue was simply closed, without possibility to publish this exact information.