From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Re: Emacs project mission (was Re: "If you're still seeing problems, please reopen." [ Date: Mon, 30 Dec 2019 18:54:39 +1100 Message-ID: References: <20191117113054.49837.qmail@mail.muc.de> <87pnhq7mxg.fsf@gnus.org> <87bltaz9g4.fsf@telefonica.net> <834kz25qp9.fsf@gnu.org> <87y2wexsv1.fsf@telefonica.net> <20191118175639.08d02820@jabberwock.cb.piermont.com> <874kz0pa9y.fsf@gnus.org> <87sgmjyn60.fsf@gmx.de> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="00000000000082aab5059ae728fc" Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="43066"; mail-complaints-to="usenet@blaine.gmane.org" Cc: =?UTF-8?Q?=C3=93scar_Fuentes?= , perry@piermont.com, Michael Albinus , Dmitry Gutov , Lars Magne Ingebrigtsen , Emacs developers To: rms@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Dec 30 08:55:29 2019 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1ilpth-000B3k-0R for ged-emacs-devel@m.gmane.org; Mon, 30 Dec 2019 08:55:29 +0100 Original-Received: from localhost ([::1]:59166 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ilptf-0006ge-Sc for ged-emacs-devel@m.gmane.org; Mon, 30 Dec 2019 02:55:27 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:58568) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ilptB-00069A-6c for emacs-devel@gnu.org; Mon, 30 Dec 2019 02:54:58 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ilpt9-000507-Hl for emacs-devel@gnu.org; Mon, 30 Dec 2019 02:54:57 -0500 Original-Received: from mail-ot1-x343.google.com ([2607:f8b0:4864:20::343]:45703) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ilpt7-0004zP-Dq; Mon, 30 Dec 2019 02:54:53 -0500 Original-Received: by mail-ot1-x343.google.com with SMTP id 59so45297335otp.12; Sun, 29 Dec 2019 23:54:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5rDRDWwughP9qWCnA1LSI+ieZ4l8/H4yf6CRrpu492Y=; b=I5OmHQh6VVykB6MdPh/D51JW5BFjE7W9JVV/BArinIR1blVkRvWSL7ui/n1J3UDpRc ptFb8bqJX8t+R7hNOFxoMLkyDwI1jq6agQFpPMIvfSmiGoetvO6SreTKMkQUGjUtxFM9 E2AOfqbFX4ej2Y6BGe87VguIpI0KyCCmr1p947Xki046M5FxYiBOtt0zHeD7TVB8BJxm 2hnX2P7hCK+V1Pv2iWg5GuLeYCB6D+/R/aReIuFxxhgZJm3fTbdDAVDk6O9yonx5/G8o AnngCzzi15BCMdBmfflaDTRurgiVFjf/JHzZYPqQlSyvhIVKvKNAx0lSQpuZVmYLW0eS pvXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5rDRDWwughP9qWCnA1LSI+ieZ4l8/H4yf6CRrpu492Y=; b=U59V5Yfd9kDvweUNjzsSeYS/m6zmLnH9YHrHus3eWxqMJ7K9huBgKv3U3AI1BDNtvx ah9/J60jEGIAoeSI1W3jCOjJkf3yfdIqwIHFlE3F8tqZZF/0NOGF2F6KxvdXj7Boeo1n ZMdDpKFBzKzBC6nXluB09ocp0KFXhNjTM+CLS/5DsXx1j7QgwznPEmhksinrkH7mtMQe Y/jS7gN54N3ei1ktThiKVO9QDcytg8Y8j1iHJ7eJnpQS4TxAlPEE5Xwwm+nZ4xzqeBq+ W5n3gXj+HeKzC9XOakxOAYTbiEcRWF+bMpeMiq/bRvXh+quoEpLlCZ6SPG9AIM7KRlu2 n+fA== X-Gm-Message-State: APjAAAXLoDonP9ys62LGVElTs+soEX9zp1KBSIUIVd0mPY8826M9+3cS Rwplg+NOkyMdwEf8rsIdtPRzIOKbtLTFxj/+8C4p1G68 X-Google-Smtp-Source: APXvYqzr0f+bysXPeIli6b+qkdxKhg5J8kqo7LtuUJj9Q2oKi4Kwi50nenCy7sm8Igr5eYbZTOdEBJXVouNbE3QMf08= X-Received: by 2002:a9d:3f61:: with SMTP id m88mr55807583otc.56.1577692491326; Sun, 29 Dec 2019 23:54:51 -0800 (PST) In-Reply-To: X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::343 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:243759 Archived-At: --00000000000082aab5059ae728fc Content-Type: text/plain; charset="UTF-8" I think it would be a good idea if the GNU infrastructure was modified to also be an OATH2.0/openID provider. These are open standards and there are a number of open source implementations (for example https://github.com/ory/hydra which is Apache 2.0). It would likely improve the reliability and security of FSF/GNU IAM infrastructure[*} and enable users with FSF/GNU identities to use them with approved/authorised identity consumers. However, there would likely be some significant architecture changes required, though this could be done in stages. The side benefit would be an ethical identity provider that could be used by those who have a FSF/GNU login. With regards to the specific question as to whether some form of 'generic' identity could be used to allow bug reports to be lodged without the need for the user to have an oauth identity, the answer is yes, this cold be done. Whether this is a good idea is another question. In general, 'generic' identities are a bad thing and should be avoided (for example, what would you do if someone were to abuse this identity and script the logging of large numbers of bogus bug reports? You don't want to disable the identity as it would adversely impact legitimate use. This does not mean it cannot be done, only that it would require careful consideration of such risks. Personally, I'm not sure why we seem to keep considering this as a 'all or nothing' solution. Why can we not have the best of both. Have an email gateway to submit bugs in a similar manner to how it is done now AND a web interface to log, browse, update issues for those with an oauth2.0 compliant login and who want that level of access? You could even setup the report bug functionality to use an oauth based form submission if the user has setup an oauth2 id and fall back to email if they don't. [*} I don't know anything about FSF/GNU infrastructure or the underlying architecture. However, I have been involved in a number of IAM projects in both medium and large organisations and have seen the maintenance and support benefits of a solid identity provider used by all the applications in an organisation. I have also seen the challenges, maintenance and security issues associated with IAM solutions which have developed 'organically' as an organisation has grown. On Mon, 30 Dec 2019 at 11:17, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > > You need an account if you want to write a new bug report ("issue") > in > > > Gitlab, even for public projects. No problem for Emacs developers, > they > > > will have an account on Emacs' Gitlab stanza. But we will miss bug > > > reports from Emacs users, which usually have no account there. > > > It has OAuth support, users could log in using an account from a > number > > of popular services. So that should be a non-issue. > > I don't think we can assume that everyone who uses Emacs and might report > a bug has an OAuth account, or would go ahead and make one for this. > I don't have one. No GNU activity requires one. > > Is it possible to have something run on a GNU server and use one > specific OAuth account to submit various people's Emacs bug reports, > all using a single shared OAuth account? > > -- > Dr Richard Stallman > Chief GNUisance of the GNU Project (https://gnu.org) > Founder, Free Software Foundation (https://fsf.org) > Internet Hall-of-Famer (https://internethalloffame.org) > > > > -- regards, Tim -- Tim Cross --00000000000082aab5059ae728fc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable



On Mon, 30 Dec 2= 019 at 11:17, Richard Stallman <rms@gnu.o= rg> wrote:
https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)





--
regards,

Tim=

--
Tim Cross

--00000000000082aab5059ae728fc--