[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Making GNUS continue to work with Gmail
From: |
Cesar Crusius |
Subject: |
Re: Making GNUS continue to work with Gmail |
Date: |
Sat, 15 Aug 2020 12:39:55 -0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Richard Stallman <rms@gnu.org> writes:
>> It looks like this approach keeps popping up as a "possible
>> solution," so I'll just point out again that this is _already
>> implemented_ in the package above, and is being used by various people
>> to make Gnus work with Gmail and XOAuth2. The discussion here is about
>> how to _avoid_ having to do that.
>
> What IS "this approach"? Does it get a key that GNUS can use for everyone?
> Does it have each user get a key from Google?
Others already replied, but in any case: the approach I and Lars were replying
to and was quoted in my message, namely
>>> Yeah, we could just use that and tell the users to "just" register their
>>> own developer accounts at Google and then put the keys somewhere. It's
>>> a really really horrid experience to go through, though, and Google will
>>> sic an API compliancy review at the users at random.
... so each user gets a key from Google. The procedure for doing so is
documented in the auth-source-xoauth2 package. The only difference between this
and the "one key GNUS can use for everyone" approach is that the latter
requires (a) an official, Google-approved, GNUS/Emacs app registered from which
keys can be shared, and (b) a key sharing mechanism.
From what I've seen from Kmail/Kontact/KPim/etc replies, (a) and (b) is exactly
what they are doing, and there's no way around this. The only question is how
to achieve those in a way that is compatible with both Google terms and FSF
requirements, if there is such a way. Thunderbird "achieves" (b) by having
"secret" keys in source code. I don't know what the K* applications do, it did
not seem to be specified in their discussions.
In any case, (b), which seems to be the unsolvable puzzle, isn't even worth
pursuing if (a) is not doable under FSF requirements, and that is something
that only somebody from the FSF can determine.
Looks to me like the most direct course of action here would be for somebody
from the FSF to contact *Google themselves* and ask them for guidance on how to
make libre software make use of OAuth2 authentication. They may say "can't be
done, we won't allow it," but at least the discussion will have an official
resolution then and there.
--
Cesar Crusius
signature.asc
Description: PGP signature
- Re: Making GNUS continue to work with Gmail, (continued)
- Re: Making GNUS continue to work with Gmail, Richard Stallman, 2020/08/26
- Re: Making GNUS continue to work with Gmail, Eric S Fraga, 2020/08/27
- Re: Making GNUS continue to work with Gmail, tomas, 2020/08/27
- Re: Making GNUS continue to work with Gail, Eric S Fraga, 2020/08/27
- Re: Making GNUS continue to work with Gmail, Andrew Cohen, 2020/08/27
- Re: Making GNUS continue to work with Gmail, Eric S Fraga, 2020/08/27
- Re: Making GNUS continue to work with Gmail, Richard Stallman, 2020/08/27
- Re: Making GNUS continue to work with Gmail, Richard Stallman, 2020/08/27
- Re: Making GNUS continue to work with Gmail,
Cesar Crusius <=
- Re: Making GNUS continue to work with Gmail, David De La Harpe Golden, 2020/08/16
- Re: Making GNUS continue to work with Gmail, Uwe Brauer, 2020/08/16
- Re: Making GNUS continue to work with Gmail, David De La Harpe Golden, 2020/08/16
Re: Making GNUS continue to work with Gmail, Mingde (Matthew) Zeng, 2020/08/11