[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Emacs project mission (was Re: "If you're still seeing problems, pl
|
From: |
Richard Stallman |
|
Subject: |
Re: Emacs project mission (was Re: "If you're still seeing problems, please reopen." [ |
|
Date: |
Mon, 30 Dec 2019 19:40:48 -0500 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> I think it would be a good idea if the GNU infrastructure was modified to
> also be an OATH2.0/openID provider. These are open standards and there are
> a number of open source implementations
I have to point out that we do not advocate or support "open source".
We advocate free software for the sake of freedom -- a value which
"open source" avoids discussing. Nearly all source code which is
open source is also free software, but exceptions do exist, so the
other is not relevant to our decusions.
See https://gnu.org/philosophy/open-source-misses-the-point.html
for more explanation of the difference between free software and open
source. See also https://thebaffler.com/salvos/the-meme-hustler for
Evgeny Morozov's article on the same point.
> It would likely improve
> the reliability and security of FSF/GNU IAM infrastructure[*}
That is an issue for sysadmins to think about, not me.
and enable
> users with FSF/GNU identities to use them with approved/authorised identity
> consumers.
I will not authorize anyone to consume my identity! No way!
That is a joke but HHOS. See
https://gnu.org/philosophy/words-to-avoid.html#Consume for why
we reject the word "consume" as a term for doing something with data.
> The side benefit
> would be an ethical identity provider that could be used by those who have
> a FSF/GNU login.
Here we get to the heart of this matter. Is that a good thing to do?
Or a bad thing to do? I don't know enough to have an opinion on the
matter, but it is clear that I shouldn't agree to that without first
studying it enough to have an opinion.
Since I have lots of other things on the table, I'd rather put that off.
> In general,
> 'generic' identities are a bad thing and should be avoided (for example,
> what would you do if someone were to abuse this identity and script the
> logging of large numbers of bogus bug reports? You don't want to disable
> the identity as it would adversely impact legitimate use.
Right now anyone can send mail dummy bug reports to bug-gnu-emacs.
It doesn't seem to be a big problem in practice, so I think we don't
need to worry about the issue.
> Have an email
> gateway to submit bugs in a similar manner to how it is done now AND a web
> interface to log, browse, update issues for those with an oauth2.0
> compliant login and who want that level of access? You could even setup the
> report bug functionality to use an oauth based form submission if the user
> has setup an oauth2 id and fall back to email if they don't.
I don't see any reason to object to that.
--
Dr Richard Stallman
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)