emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Making GNUS continue to work with Gmail

From: Gregory Heytings
Subject: Re: Making GNUS continue to work with Gmail
Date: Sun, 16 Aug 2020 08:17:30 +0000
User-agent: Alpine 2.21 (NEB 202 2017-01-01)
> The latter. Basically each user has to log in to the google developer > 'console' with a web browser and register themselves, and then perform > a set of steps to generate an OAuth2 token.
I posted, around a week ago, why that is a bad approach (not merely inconvenient).
I'm not sure to what message you refer, but I guess it is the following one, dated from August 7th:
Does that web page function using nonfree software? (Javascript code, for instance?) Knowing Google, I suspect that it does.
If so, we cannot distribute that function, or suggest to users that they use that page, or have code in Emacs which presumes that they do.
This is a fundamental moral principle of the GNU Project: we hold that running a nonfree program is never a legitimate solution to any problem.
We cannot impose that principle on anyone, and we do not try; but we have a duty not to speak in a way that contradicts it.
It might be possible to write free code which talks to that page using some (perhaps undocumented) API and avoids that issue. That would be good.
This is not possible. There are only two solutions (each user creates their own OAuth credentials as if they were a developer of a different app, or the developer creates OAuth credentials and shares it with all users of the app), but in both cases this will involve nonfree software, by the user in the first case and by the developer _and_ the user in the second case.
With the solution used by Kmail, Thunderbird and others, when a user adds a Google account to their mail client, a Google login page is opened in a browser, on which they indicate their login and password. This page is the https://accounts.google.com page, and it uses nonfree JavaScript code.
As you write, it might be possible, at least in theory, to write free code which would behave as if it were a browser, thereby avoiding to run the nonfree code from Google. But this would be very hard to do, and it would be a fragile solution, because this code is itself not on API, so Google is free to change it at any time. Moreover Google has likely implemented ways to detect on their side that it is indeed their code that is run in a compatible browser, and to trigger a CAPTCHA request when this is not the case. 

Gregory
reply via email to
[Prev in Thread] Current Thread [Next in Thread]