Re: gmail+imap+smtp (oauth2)

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gmail+imap+smtp (oauth2)

From:	Thomas Fitzsimmons
Subject:	Re: gmail+imap+smtp (oauth2)
Date:	Wed, 04 May 2022 09:34:20 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Hi Tim,

Tim Cross <theophilusx@gmail.com> writes:

> Richard Stallman <rms@gnu.org> writes:
>
>> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
>> [[[ whether defending the US Constitution against all enemies,     ]]]
>> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>>
>>   > I landed on the conclusion that SMTP 
>>   > and IMAP should keep working as long as you use app-passwords for 
>>   > logging in to your account.
>>
>> Can you explain what "app-passwords" are?  I have never used Gmail,
>> and I don't need to know technical details, but I have to think
>> about the ethical implications of this.

[...]

> I don't think there are any significant ethical considerations
> associated with app passwords (in addition to those associated with
> using Google/Gmail that is). It is likely that setting the app password
> via the Google account settings page involves non-free Javascript, but I
> think that boat sailed when you initially sign up for a gmail account
> anyway.

One issue with OAuth2 schemes is that they periodically force the user
through a web-browser-only authentication process that requires non-free
JavaScript, in order to get a refresh token.

(I'm hoping someone can prove me wrong, and point me to a command-line
procedure using only free software that allows me to get a refresh token
when required.  We're told OAuth2 is a modern standard, right?  So there
should be a modern, standard way of doing the same things as the
JavaScript authentication blobs... right?)

There are two issues, which I think should be considered separately:

One-time registration requiring non-free JavaScript (1).

Subsequently requiring non-free JavaScript for authentication to use
IMAP or SMTP protocols (2).

See the discussion in this bug report, closed wontfix:

   https://debbugs.gnu.org/cgi/bugreport.cgi?bug=41386

I'm hoping the FSF will study and comment on the issue in general, given
that gmail.com, such a large email provider, is making this OAuth2
change.  To me, issue (2) seems like a high priority one for Free
Software.  Keep in mind that avoiding issue (1) isn't always optional,
from an employee/student perspective.

Thomas

[Prev in Thread]

Current Thread

[Next in Thread]

Re: gmail+imap+smtp (oauth2), (continued)

Prev by Date: Re: Unable to get .elpaignore to work [Was: Request to add tomelr package to GNU ELPA]
Next by Date: Re: master f2d2fe6fc8: server-execute: Initialize the *scratch* buffer
Previous by thread: Re: gmail+imap+smtp (oauth2)
Next by thread: Re: gmail+imap+smtp (oauth2)
Index(es):
- Date
- Thread