From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail From: Philippe Vaucher Newsgroups: gmane.emacs.devel Subject: Re: Drop the Copyright Assignment requirement for Emacs Date: Tue, 19 May 2020 12:11:58 +0200 Message-ID: References: <3c558381-f584-a2e5-972e-007221347f16@yandex.ru> <20200519075551.GE7874@tuxteam.de> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202"; logging-data="118550"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Emacs developers To: tomas@tuxteam.de Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue May 19 12:13:02 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jazF8-000Uhz-6g for ged-emacs-devel@m.gmane-mx.org; Tue, 19 May 2020 12:13:02 +0200 Original-Received: from localhost ([::1]:38856 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jazF7-00021r-8d for ged-emacs-devel@m.gmane-mx.org; Tue, 19 May 2020 06:13:01 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36800) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jazEZ-0001Zo-Tn for emacs-devel@gnu.org; Tue, 19 May 2020 06:12:27 -0400 Original-Received: from mail-lj1-x22b.google.com ([2a00:1450:4864:20::22b]:39102) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jazEY-0007WT-S5 for emacs-devel@gnu.org; Tue, 19 May 2020 06:12:27 -0400 Original-Received: by mail-lj1-x22b.google.com with SMTP id u6so13083199ljl.6 for ; Tue, 19 May 2020 03:12:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5380ubzskPfUej7ppkwcClG20qdd4LNUJRglOoHYu4Q=; b=giv4b5ItpkYF9Yx5oflBtGDX64nZOKs67LuxKzJHkyLZHRbUy9S5SRGV9BFLJhce68 fBOiOQZPTZ6MUWEc44hhVOYCwLtEmpDJ2u3unqoJ73VgqfdBWBbwnftX/ZxM1tm3vvSc 6vu+OqXs/IQOTZfdIb2dtmeuNKYoDwfY0qjN3ppN76kZF8GatUlglC5UbOa/iaR76zIt v6KnH0Wvng6+sUwan3r5xQ/UnN6zKlMHcpYmUGItyzR/BUmBIbuHCtueWYOB7cIZoi4W dvJoR3xDWZtW5NLY8c0zq7zmSdEwxujyzac176tWjbPXJA6LJq85jdBJewLeMZtrinNy nKtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5380ubzskPfUej7ppkwcClG20qdd4LNUJRglOoHYu4Q=; b=bJr5Hpug4UEXkQr2dwYTbAd24dLnKFkzfc+f4i+1RniUKHdl9xbpryGpgo+ZEzVek6 9R3PMQx6BKTnmAODIoEQx625lkmjGfH7BZcHYHallkgDCdz6RAoMptn1p76KS1BK8+VF pxFgEMRhb8HjOQHNkW6MIQpR/3VY6VMmrQWRXhm59U50yzkpI5h3H9la9NsuUvPDiyF5 tWKrwBAveswYavxEZoX/0piVK6r71RzLqdvvd7jYGfYFEoV7yz+QF0dsZ9Ax1xI1zQqh sxa4QHoDBRFQvhUhp/BuAXia/GRAt534lfruxusCDpPYuJo4gHKQA1LANhlNmZbakiZZ qcOQ== X-Gm-Message-State: AOAM531b9b/DmA8VrVz7EQkARhADv2H+EMUGv0EefIHA62qBh5vnT5e3 FirMXG4WLb8bkOaLH+IP5eOMBpYkR2Vgx2EM3tk= X-Google-Smtp-Source: ABdhPJzoZe2rMbNvnjONGE4Ai8ngiYHCA4EWu6XWwaUTaZwio2GkXg5MCc3O2EAjQq3gSY01Ledp3NecbsxcwHnZ9Z4= X-Received: by 2002:a2e:701a:: with SMTP id l26mr1567402ljc.50.1589883145079; Tue, 19 May 2020 03:12:25 -0700 (PDT) In-Reply-To: <20200519075551.GE7874@tuxteam.de> Received-SPF: pass client-ip=2a00:1450:4864:20::22b; envelope-from=philippe.vaucher@gmail.com; helo=mail-lj1-x22b.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:250896 Archived-At: > On Tue, May 19, 2020 at 07:26:10AM +0200, Philippe Vaucher wrote: > > > (and I do note you'd still have to go through the horrors of finding a > > > pen and paper in your office and manually using your arms to hold > > > it up to the webcam) > > > > Please, I said 3 times already that YOU JUST TYPE YOUR NAME ON YOUR > > KEYBOARD, or attach an image. Yes, that's how I did in in Adobe Sign > > (just typed "Philippe Vaucher" on my keyboard). The only thing it did > > is the name was displayed using a hand-written font. Surely this > > cannot be complicated to duplicate. I already said all this. > > But anyone can type your name on her keyboard. I can type it. Am > I now signing something for you? Is it valid before court? No, only me can open that link in my email. It's apparently valid in court because other companies use that, the company I had to sign a paper online with is https://www.milestonesys.com so I trust their judgement but IANAL. This looks to be the accepted standard in Adobe Sign and I suspect others too. To be honest: typing your name, attaching an image, writing your signature with your mouse: this is all easy to fake if you have access to the person's email. Even the current printing-signing-scanning-emailing is very easy to fake. Even in the real world, it's pretty easy to go in a shop and order something for someone else. For serious things, they usually ask for an ID and verify it's you, which digitally can be done in numerous ways I already enumerated in other emails. > That's the "interesting" problem. Yelling doesn't solve it :) Well I this interesting problem came after my yelling :-) I yelled for another reason (people misrepresenting the experience I had). > Now you'd say that I could forge your signature on paper and send > it in, but traditional trust into something like that is a tad > higher, and I see two reasons for that: (a) it is more difficult > to get hold of a physical signature of yours to do the forging, > and (b) there is significantly more expertise in place to detect > forged signatures. I'd argue it's harder to forge a digital signature than a physical signature, but I don't want to waste braincells about that so let's just move on :-) > > Sorry for yelling but maybe with caps it's more clear. > > Nevermind, but I think you're still missing the point: at the > moment the FSF ends before court over some copyright spat (and > there have been high-profile ones, they can be hellishly > expensive, see [1] if you think you've got some time to kill), > at this moment the FSF will have to prove that it has done its > due diligence... and no, Someone (TM) at the other end of an > HTTPS connection saying "yeah, sure, it's me" probably won't > cut it. Okay, I understand FSF wants the safe option. Once there is jurisprudence that the digital signatures are valid in court, the FSF will probably adapt. So, basically until then it's useless to even pursue these smooth options. Thanks for making it clear this is a dealbreaker. Philippe