Hi Eric,
On Mon, Oct 14, 2019 at 2:12 AM Eric Wong <e...@80x24.org> wrote:
> Konstantin Ryabitsev <konstan...@linuxfoundation.org> wrote:
> > On Fri, Oct 11, 2019 at 09:23:08PM +0000, Eric Wong wrote:
> > > > (This is the same reason I generally disagree with Eric Wong about
> > > > preserving SMTP as the primary transmission protocol -- I've heard lots
> > > > of
> > > > complaints both from kernel developers and especially from people
> > > > trying to
> > > > contribute to CAF about corporate policies actually making it
> > > > impossible to
> > > > submit patches -- and no, using a different mail server is not a
> > > > possibility
> > > > for them because it can be a firing offense under their IT AUP rules.)
> > >
> > > I'm not opposed to a webmail interface tailored to kernel hacking
> > > which does stuff like checkpatch.pl and get_maintainer.pl before
> > > sending (similar to your patchwork proposal and
> > > gitgadgetgadget). That would get around security appliances
> > > but SMTP would still be used in the background.
> > >
> > > Or offer full-blown HTTPS webmail + IMAP + SMTP access like any
> > > other webmail provider + checkpatch + get_maintainer helpers.
> >
> > Well, this is the bit where I say that it may not be allowed by corporate
> > rules. I see this all the time in CAF/Android world where companies
> > *require* that all email goes through their SMTP server so that it can be
> > properly logged (often for legal reasons). And it is often equally required
> > that any code submissions come from per...@corporate.com and not
> > per...@free-email-provider.com for License/CLA reasons, so setting up a
> > webmail server is not a solution either.
>
> Aren't they still allowed to submit stuff via forges the same way
> they'd use a potential hacker-oriented webmail/SMTP/IMAP solution?
>
> Sometimes I see @username_COMPANY-type names on forges, but
> AFAIK it's not very common.
>
> > This is basically why SMTP sucks in my view -- and it's worthless trying to
> > pick fights with IT departments, because they are told to do so by lawyers.
> > So, I want to take SMTP out of the equation:
>
> If the open source community can fight to get GPL accepted, I
> don't see why we can't fight or subvert dumb corporate policies.
>
> > 1. provide a way for someone to submit a patch using a web interface (but
> > still in a way that From: is their corporate ID)
> > 2. use individual git feeds as a way to send out patches instead of always
> > being secondary to SMTP
>
> username-comp...@users.kernel.org could probably work if they're
> required to use @username_COMPANY on forges.
username+foo is the standard way.
> We can also find creative ways to subvert corporate policies:
> For example; if their policy specifically prevents outgoing SMTP,
> "git imap-send" could be used.
IMAP may be blocked, too?
Bascially the only thing you can rely on is HTTP(S), through a proxy,
possibly with HTTPS inspection through a company-specific trusted
certificate that allows MITM.
> If their policy forbids using external "email" services, we'd
> name it "Kernel Hackers' Messaging System" or something of that
> sort and say we use an email bridge :>
Anything named "Hacker" may be blocked, too ;-)
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
_______________________________________________
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork
