FSF to launch code hosting

Posted Feb 25, 2020 23:45 UTC (Tue) by HelloWorld (guest, #56129)
In reply to: FSF to launch code hosting by Seirdy
Parent article: FSF to launch code hosting

E-mail? In 2020? Thanks, but no thanks.

FSF to launch code hosting

Posted Feb 26, 2020 6:00 UTC (Wed) by pabs (subscriber, #43278) [Link] (9 responses)

The same could be said about the web :)

FSF to launch code hosting

Posted Feb 26, 2020 7:58 UTC (Wed) by gfernandes (subscriber, #119910) [Link] (3 responses)

Really? Faff over a couple of clicks?

FSF to launch code hosting

Posted Feb 26, 2020 10:27 UTC (Wed) by Wol (subscriber, #4433) [Link] (2 responses)

People forget that other people may not be as lucky as they are. I gather in the US that some people are still stuck on dial-up! Here in the UK while most people have access to fibre, I thought that we were still stuck on ADSL-2 (that may no longer be true) and there are a few people left on ADSL.

And then, what about peoples' workflow? I *still* prefer to work in "offline" mode with the online stuff happening behind my back. Try doing THAT when your internet is down! (Which until recently was pretty common - dunno why).

Why is it that people seem to delight in assuming that OTHER PEOPLE should adopt THEIR OWN way of working/thinking/living? I don't give a monkeys how you live your life - stop telling me how to live mine, thanks.

Cheers,
Wol

FSF to launch code hosting

Posted Feb 26, 2020 21:03 UTC (Wed) by ejr (subscriber, #51652) [Link] (1 responses)

Some rural US areas have access only to relatively expensive satellite "broadband." These come with absurdly low data caps, the kind that will be blown away when people forward PowerPoint slides or watch anything streaming.

Plus there are people with longer-ish train or plane transits. Trains are starting to support wifi, but, um, not always successfully in my experience. Planes charge extra.

And some people just want to unplug, sit, and think about what they're doing.

The "offline" world still exists.

FSF to launch code hosting

Posted Feb 26, 2020 21:31 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

Git works perfectly fine offline. You don't to have to send a PR right away. The amount of data consumed by using Github UI or API is also pretty insignificant.

So email workflow these days is mostly a matter of personal preference. Supporting it would certainly be nice, but I don't think it has any practical advantage.

FSF to launch code hosting

Posted Feb 26, 2020 17:42 UTC (Wed) by NYKevin (subscriber, #129325) [Link] (4 responses)

The difference, I think, is that email is increasingly a non-federated medium, whereas the web is still somewhat federated (on the server side). If you want to speak SMTP to arbitrary systems, you have to do a variety of things which are (to my knowledge) not in any RFC to convince the recipient servers that your message is non-spam. If you mess up, somebody may just add you to a blackhole list without telling you. You won't know until six months later when a user complains they didn't get your email.

And options for end-to-end encryption of email are still, frankly, terrible. Yes, I know PGP, GPG, Enigmail, etc. exist. Their UX is totally inadequate compared to the web browser experience of "Is there a padlock in the URL bar? Then you don't have to do anything." More to the point, they require everyone in the conversation to have the necessary tools installed and available. A single person clicking Reply All and failing to remove quoted text can result in a cleartext disclosure of the entire record. As for signatures, realistically, half your recipients are doing this: https://xkcd.com/1181/

FSF to launch code hosting

Posted Feb 27, 2020 5:19 UTC (Thu) by wtarreau (subscriber, #51152) [Link] (3 responses)

> Their UX is totally inadequate compared to the web browser experience

It's exactly the opposite. Have you ever tried to use GitHub UI ? It's terribly misdesigned, slow, inefficient, with horrible alignment making you totally inefficient. With e-mail I can chose the e-mail client *I* want, and I'm not forced to follow the UX pattern that $RANDOM_JERK_OF_THE_DAY decided was better for me because it looks fine on their smartphone.

And better, I can script processing of my e-mails without even having to think about it. Running sed, grep, vi is just routine. Try to do that in a web interface, and good luck!

This is why I ask people to continue to send me exclusively patches over e-mail. I can trivially and efficiently adapt them and integrate them. In a web UI you're encouraged to take the crap as it is because fixing minore details suddenly becomes extremely complicated.

FSF to launch code hosting

Posted Feb 27, 2020 19:21 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (2 responses)

In that paragraph, I was specifically talking about end-to-end encryption, not *all* UX.

FSF to launch code hosting

Posted Feb 28, 2020 10:59 UTC (Fri) by gdt (subscriber, #6284) [Link] (1 responses)

Could I suggest that the end-point of an end-to-end argument is the commit, not the email (which is essentially a transport)?

Git has support for signed commits. The user experience for commit signing is fine on GNOME or KDE. The horrible GPG user interface is still needed to create the keys -- this means few Git beginner guides configure commit signing.

If you want to use a Secure Attention Key to authorise a hardware-generated signature then be prepared for four pages of dense instructions of GPG open-heart surgery. You can set up some Git* servers to reject unsigned commits, some Git* servers will check the signatures. To date none of the Git* servers nor git clients will reject a signature based upon attestation (so all signed commits are equivalent, meaning the server can't insist only on hardware-signed commits confirmed by a Secure Attention Key). Even so I'd seriously suggest to Linux developers that they look at a hardware device for GPG-signing commits (Yubikey, etc). Then opportunities for unauthorised commits are small, even when the developer is using a compromised laptop.

FSF to launch code hosting

Posted Feb 28, 2020 18:45 UTC (Fri) by mpr22 (subscriber, #60784) [Link]

Should that be Secure Attestation Key, or something of that nature? Because to me a Secure Attention Key means the likes of Ctrl-Alt-Del on Windows NT (etc.) or Alt+SysRq+(whatever) on Linux.