From: Jonathan Wakely <jwakely.gcc@gmail.com>
To: David Kleuker <post@davidak.de>
Cc: "gcc@gcc.gnu.org" <gcc@gcc.gnu.org>
Subject: Re: Recommendation of Gmail violates mission to respects users freedom
Date: Mon, 20 Feb 2023 12:33:59 +0000 [thread overview]
Message-ID: <CAH6eHdS+G7LOwYCRbzx4eex3CV5hOOnWnJqQi94j8v41THt1gw@mail.gmail.com> (raw)
In-Reply-To: <57040213.384865.1676854866253@office.mailbox.org>
On Mon, 20 Feb 2023 at 10:39, David Kleuker wrote:
>
> Hello,
>
> since the GCC project seem not to be reachable in the Fediverse (only Twitter linked on website), i contact you here about this issue.
>
> https://chaos.social/@davidak/109893176873158932
>
> The Free Software Foundation and the GNU project promote and create Free Software that respects users freedom. The GCC Development Mission Statement is "Supporting the goals of the GNU project."
>
> So i was surprised to see that you recommend the e-mail providers "Gmail, Yahoo, Hotmail, or similar" that are known not to respect the users privacy, on https://gcc.gnu.org/bugzilla/createaccount.cgi.
>
> I suggest removing the examples since most people coming to the bug tracker should know what an e-mail provider is and instead recommend to use an e-mail alias to protect from spam on the main address.
I think we should just drop the recommendation to use a throwaway
email account. Or water it down to a much weaker suggestion ("The
email address linked to your account might become publicly visible, so
if you are concerned about corporate email addresses or other
non-public email addresses being exposed, you might want to consider
using a different address for your bugzilla account").
Bugzilla doesn't show email addresses to non-logged in users, and
account creation is restricted to stop spammers logging in now. Email
addresses are shown in barely obfuscated form at
https://gcc.gnu.org/pipermail/gcc-bugs/2023-February/812879.html but
nowadays spammers have plenty of ways to obtain email addresses that
don't rely on scraping web pages. I'm not sure the emphasized
recommendation to use web mail accounts really makes sense. What if my
primary email account is a web mail account? Does that make me safer
from spam? Or should I create a second webmail account just for GCC
bugzilla? I think we should just let users decide how to manage their
own email infosec.
prev parent reply other threads:[~2023-02-20 12:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-20 1:01 David Kleuker
2023-02-20 12:33 ` Jonathan Wakely [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAH6eHdS+G7LOwYCRbzx4eex3CV5hOOnWnJqQi94j8v41THt1gw@mail.gmail.com \
--to=jwakely.gcc@gmail.com \
--cc=gcc@gcc.gnu.org \
--cc=post@davidak.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).