From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: Emacs project mission (was Re: "If you're still seeing problems, please reopen." [ Date: Mon, 30 Dec 2019 19:40:48 -0500 Message-ID: References: <20191117113054.49837.qmail@mail.muc.de> <87pnhq7mxg.fsf@gnus.org> <87bltaz9g4.fsf@telefonica.net> <834kz25qp9.fsf@gnu.org> <87y2wexsv1.fsf@telefonica.net> <20191118175639.08d02820@jabberwock.cb.piermont.com> <874kz0pa9y.fsf@gnus.org> <87sgmjyn60.fsf@gmx.de> Reply-To: rms@gnu.org Content-Type: text/plain; charset=Utf-8 Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="71996"; mail-complaints-to="usenet@blaine.gmane.org" Cc: ofv@wanadoo.es, emacs-devel@gnu.org, michael.albinus@gmx.de, dgutov@yandex.ru, larsi@gnus.org, perry@piermont.com To: Tim Cross Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Dec 31 01:41:02 2019 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1im5ao-000IbH-By for ged-emacs-devel@m.gmane.org; Tue, 31 Dec 2019 01:41:02 +0100 Original-Received: from localhost ([::1]:38066 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1im5an-00080B-8A for ged-emacs-devel@m.gmane.org; Mon, 30 Dec 2019 19:41:01 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44035) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1im5ac-000803-Ni for emacs-devel@gnu.org; Mon, 30 Dec 2019 19:40:52 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:43387) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1im5ab-0007MZ-Og; Mon, 30 Dec 2019 19:40:49 -0500 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1im5aa-0004Zo-Sv; Mon, 30 Dec 2019 19:40:49 -0500 In-Reply-To: (message from Tim Cross on Mon, 30 Dec 2019 18:54:39 +1100) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:243792 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > I think it would be a good idea if the GNU infrastructure was modified to > also be an OATH2.0/openID provider. These are open standards and there are > a number of open source implementations I have to point out that we do not advocate or support "open source". We advocate free software for the sake of freedom -- a value which "open source" avoids discussing. Nearly all source code which is open source is also free software, but exceptions do exist, so the other is not relevant to our decusions. See https://gnu.org/philosophy/open-source-misses-the-point.html for more explanation of the difference between free software and open source. See also https://thebaffler.com/salvos/the-meme-hustler for Evgeny Morozov's article on the same point. > It would likely improve > the reliability and security of FSF/GNU IAM infrastructure[*} That is an issue for sysadmins to think about, not me. and enable > users with FSF/GNU identities to use them with approved/authorised identity > consumers. I will not authorize anyone to consume my identity! No way! That is a joke but HHOS. See https://gnu.org/philosophy/words-to-avoid.html#Consume for why we reject the word "consume" as a term for doing something with data. > The side benefit > would be an ethical identity provider that could be used by those who have > a FSF/GNU login. Here we get to the heart of this matter. Is that a good thing to do? Or a bad thing to do? I don't know enough to have an opinion on the matter, but it is clear that I shouldn't agree to that without first studying it enough to have an opinion. Since I have lots of other things on the table, I'd rather put that off. > In general, > 'generic' identities are a bad thing and should be avoided (for example, > what would you do if someone were to abuse this identity and script the > logging of large numbers of bogus bug reports? You don't want to disable > the identity as it would adversely impact legitimate use. Right now anyone can send mail dummy bug reports to bug-gnu-emacs. It doesn't seem to be a big problem in practice, so I think we don't need to worry about the issue. > Have an email > gateway to submit bugs in a similar manner to how it is done now AND a web > interface to log, browse, update issues for those with an oauth2.0 > compliant login and who want that level of access? You could even setup the > report bug functionality to use an oauth based form submission if the user > has setup an oauth2 id and fall back to email if they don't. I don't see any reason to object to that. -- Dr Richard Stallman Chief GNUisance of the GNU Project (https://gnu.org) Founder, Free Software Foundation (https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)