From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.bugs Subject: bug#41386: 28.0.50; Gnus nnimap OAuth 2.0 support Date: Thu, 21 May 2020 23:07:24 -0400 Message-ID: References: <87y2poqehh.fsf@gnus.org> Reply-To: rms@gnu.org Content-Type: text/plain; charset=Utf-8 Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202"; logging-data="98997"; mail-complaints-to="usenet@ciao.gmane.io" Cc: fitzsim@fitzsim.org, 41386@debbugs.gnu.org To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri May 22 05:08:10 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jby2b-000Pd4-OY for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 22 May 2020 05:08:09 +0200 Original-Received: from localhost ([::1]:40312 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jby2a-0007FG-OC for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 21 May 2020 23:08:08 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:50300) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jby2V-0007Et-0a for bug-gnu-emacs@gnu.org; Thu, 21 May 2020 23:08:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:46183) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jby2U-0004DK-Nv for bug-gnu-emacs@gnu.org; Thu, 21 May 2020 23:08:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jby2U-0003Eg-IX for bug-gnu-emacs@gnu.org; Thu, 21 May 2020 23:08:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Richard Stallman Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 22 May 2020 03:08:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 41386 X-GNU-PR-Package: emacs Original-Received: via spool by 41386-submit@debbugs.gnu.org id=B41386.159011686912419 (code B ref 41386); Fri, 22 May 2020 03:08:02 +0000 Original-Received: (at 41386) by debbugs.gnu.org; 22 May 2020 03:07:49 +0000 Original-Received: from localhost ([127.0.0.1]:57729 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jby2E-0003ED-Mt for submit@debbugs.gnu.org; Thu, 21 May 2020 23:07:49 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]:42794) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jby1y-0003Df-Lb for 41386@debbugs.gnu.org; Thu, 21 May 2020 23:07:45 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:56050) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jby1t-0004A7-21; Thu, 21 May 2020 23:07:25 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1jby1s-0007Oe-8Q; Thu, 21 May 2020 23:07:24 -0400 In-Reply-To: <87y2poqehh.fsf@gnus.org> (message from Lars Ingebrigtsen on Tue, 19 May 2020 14:46:34 +0200) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:180732 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > I don't think there's any way to ship Emacs with built-in oauth2 support > for doing auth with Gmail -- it requires distributions with API secrets > and stuff, and there's no secrets in the Emacs distribution. There are no real secrets in any free operating system. The only way I know of to have a key and effectively keep it secret with software is to bury it in a nonfree excutable, and that is not a solution; it only replaces one impassable obstacle with another impassable obstacle. > Or is there a way to do that now? I haven't been paying attention the > last few months. I remember Thunderbird including some credentials in > the source code and saying, jokily, "remember, these are secret". > Somebody would have to register the Emacs "app" with Google, and for > Emacs, that would have to be the FSF, right? And I don't see that > happening ever, ideologically. If what Thunderbird is doing does not involve nonfree software, I see no reason we couldn't do the same. But I doubt that Google will continue accepting this forever. Google might eventually decide to kick off Thunderbird users, and Gnus users along with them. > But somebody could definitely write a package and put that on MELPA, and > do the registration, I think? (With the same joke, of course.) To the extent that this approach is usable, we woultn't need to relegate it to MELPA. We could put it straight into Gnus. The two Google announcements clearly describe how Google plans to block access with anything other than OAuth 2. They don't go into much detail about what OAuth 2 requires, and don't describe how this conflicts with free software. Can someone find a page describing this issue in a careful and thorough way, written by someone who knows the subject? Can someone get in touch with a Thunderbird developer or expert who would like to discuss the issue? -- Dr Richard Stallman Chief GNUisance of the GNU Project (https://gnu.org) Founder, Free Software Foundation (https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)