From: Cesar Crusius
Newsgroups: gmane.emacs.devel
Subject: Re: Making GNUS continue to work with Gmail
Date: Sat, 15 Aug 2020 12:39:55 -0700
Message-ID: <87bljb1ywk.fsf@cesars-w520.i-did-not-set--mail-host-address--so-tickle-me>
To: Richard Stallman
Cc: larsi@gnus.org, Cesar Crusius, emacs-devel@gnu.org

Richard Stallman writes:

>> It looks like this approach keeps popping up as a "possible
>> solution," so I'll just point out again that this is _already
>> implemented_ in the package above, and is being used by various people
>> to make Gnus work with Gmail and XOAuth2. The discussion here is about
>> how to _avoid_ having to do that.
>
> What IS "this approach"? Does it get a key that GNUS can use for everyone?
> Does it have each user get a key from Google?

Others already replied, but in any case: the approach I and Lars were replying to and that was quoted in my message, namely

>>> Yeah, we could just use that and tell the users to "just" register their
>>> own developer accounts at Google and then put the keys somewhere. It's
>>> a really really horrid experience to go through, though, and Google will
>>> sic an API compliancy review at the users at random.

... so each user gets a key from Google. The procedure for doing so is documented in the auth-source-xoauth2 package. The only difference between this and the "one key GNUS can use for everyone" approach is that the latter requires (a) an official, Google-approved, GNUS/Emacs app registered from which keys can be shared, and (b) a key sharing mechanism.

From what I've seen from Kmail/Kontact/KPim/etc replies, (a) and (b) are exactly what they are doing, and there's no way around this. The only question is how to achieve those in a way that is compatible with both Google terms and FSF requirements, if there is such a way. Thunderbird "achieves" (b) by having "secret" keys in source code. I don't know what the K* applications do; it did not seem to be specified in their discussions.

In any case, (b), which seems to be the unsolvable puzzle, isn't even worth pursuing if (a) is not doable under FSF requirements, and that is something that only somebody from the FSF can determine.

Looks to me like the most direct course of action here would be for somebody from the FSF to contact *Google themselves* and ask them for guidance on how to make libre software make use of OAuth2 authentication. They may say "can't be done, we won't allow it," but at least the discussion will have an official resolution then and there.

-- 
Cesar Crusius