Re: Drop the Copyright Assignment requirement for Emacs

[Philippe Vaucher]

> On Tue, May 19, 2020 at 07:26:10AM +0200, Philippe Vaucher wrote:
> > > (and I do note you'd still have to go through the horrors of finding a
> > > pen and paper in your office and manually using your arms to hold
> > > it up to the webcam)
> >
> > Please, I said 3 times already that YOU JUST TYPE YOUR NAME ON YOUR
> > KEYBOARD, or attach an image. Yes, that's how I did in in Adobe Sign
> > (just typed "Philippe Vaucher" on my keyboard). The only thing it did
> > is the name was displayed using a hand-written font. Surely this
> > cannot be complicated to duplicate. I already said all this.
>
> But anyone can type your name on her keyboard. I can type it. Am
> I now signing something for you? Is it valid before court?

No, only me can open that link in my email.

It's apparently valid in court because other companies use that, the
company I had to sign a paper online with is
https://www.milestonesys.com so I trust their judgement but IANAL.
This looks to be the accepted standard in Adobe Sign and I suspect
others too.

To be honest: typing your name, attaching an image, writing your
signature with your mouse: this is all easy to fake if you have access
to the person's email.

Even the current printing-signing-scanning-emailing is very easy to
fake. Even in the real world, it's pretty easy to go in a shop and
order something for someone else.

For serious things, they usually ask for an ID and verify it's you,
which digitally can be done in numerous ways I already enumerated in
other emails.

> That's the "interesting" problem. Yelling doesn't solve it :)

Well I this interesting problem came after my yelling :-) I yelled for
another reason (people misrepresenting the experience I had).

> Now you'd say that I could forge your signature on paper and send
> it in, but traditional trust into something like that is a tad
> higher, and I see two reasons for that: (a) it is more difficult
> to get hold of a physical signature of yours to do the forging,
> and (b) there is significantly more expertise in place to detect
> forged signatures.

I'd argue it's harder to forge a digital signature than a physical
signature, but I don't want to waste braincells about that so let's
just move on :-)

> > Sorry for yelling but maybe with caps it's more clear.
>
> Nevermind, but I think you're still missing the point: at the
> moment the FSF ends before court over some copyright spat (and
> there have been high-profile ones, they can be hellishly
> expensive, see [1] if you think you've got some time to kill),
> at this moment the FSF will have to prove that it has done its
> due diligence... and no, Someone (TM) at the other end of an
> HTTPS connection saying "yeah, sure, it's me" probably won't
> cut it.

Okay, I understand FSF wants the safe option. Once there is
jurisprudence that the digital signatures are valid in court, the FSF
will probably adapt.

So, basically until then it's useless to even pursue these smooth options.

Thanks for making it clear this is a dealbreaker.

Philippe