[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gcc
Subject:    Re: Recommendation of Gmail violates mission to respects users freedom
From:       Jonathan Wakely via Gcc <gcc () gcc ! gnu ! org>
Date:       2023-02-20 12:33:59
Message-ID: CAH6eHdS+G7LOwYCRbzx4eex3CV5hOOnWnJqQi94j8v41THt1gw () mail ! gmail ! com
[Download RAW message or body]

On Mon, 20 Feb 2023 at 10:39, David Kleuker wrote:
> 
> Hello,
> 
> since the GCC project seem not to be reachable in the Fediverse (only Twitter \
> linked on website), i contact you here about this issue. 
> https://chaos.social/@davidak/109893176873158932
> 
> The Free Software Foundation and the GNU project promote and create Free Software \
> that respects users freedom. The GCC Development Mission Statement is "Supporting \
> the goals of the GNU project." 
> So i was surprised to see that you recommend the e-mail providers "Gmail, Yahoo, \
> Hotmail, or similar" that are known not to respect the users privacy, on \
> https://gcc.gnu.org/bugzilla/createaccount.cgi. 
> I suggest removing the examples since most people coming to the bug tracker should \
> know what an e-mail provider is and instead recommend to use an e-mail alias to \
> protect from spam on the main address.

I think we should just drop the recommendation to use a throwaway
email account. Or water it down to a much weaker suggestion ("The
email address linked to your account might become publicly visible, so
if you are concerned about corporate email addresses or other
non-public email addresses being exposed, you might want to consider
using a different address for your bugzilla account").

Bugzilla doesn't show email addresses to non-logged in users, and
account creation is restricted to stop spammers logging in now. Email
addresses are shown in barely obfuscated form at
https://gcc.gnu.org/pipermail/gcc-bugs/2023-February/812879.html but
nowadays spammers have plenty of ways to obtain email addresses that
don't rely on scraping web pages. I'm not sure the emphasized
recommendation to use web mail accounts really makes sense. What if my
primary email account is a web mail account? Does that make me safer
from spam? Or should I create a second webmail account just for GCC
bugzilla? I think we should just let users decide how to manage their
own email infosec.


[prev in list] [next in list] [prev in thread] [next in thread]