On 7/27/25 18:18, Demi Marie Obenour wrote:
On 7/26/25 06:08, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
I'm curious if Spectrum has a web submission endpoint for b4. would lower the barrier to entry for those who have bad mail clients, like the GMail web UI.
I did notice that .b4-config did not mention one.
It doesn't. We could set one up, but I'd have to research how to prevent it being used for spam, since it sounds like it would basically be an open relay, and we've had a number of GMail users able to submit patches successfully using git-send-email so far. Isn't all you have to do create an app-specific password and use that as your SMTP password?
b4 web submission is authenticated: the user must prove they own the email address before they can send as that email address.
Creating an app-specific password does work, but it isn't always an option:
- Enrolling in the Advanced Protection Program (recommended for the very users Spectrum targets!) disables app passwords.
- Google Workspace admins can disable app passwords.
- Microsoft 365 has either removed support for SMTP basic auth or will do so soon.
Looks like Microsoft 365 has fully removed basic auth support.
OAuth is still supported, but it isn't always an option, and even when it is it is still a huge barrier to entry:
- Obtaining an OAuth token for SMTP requires registering an app, and admins (at least in Microsoft 365) can disable that.
Apparently some programs solve this by impersonating Outlook.
- There is no builtin OAuth support in git send-email. There are sendmail compatible CLIs that do have such support, but everyone who packaged it might need to get their own client ID for legal reasons. This would also cause problems in corporate environments.
Correction: git send-email actually has OAuth2 support, but it has no builtin way to obtain an OAuth refresh token. There is a third-party program (git-credential-oauth) that does support this, but it is not installed by default. -- Sincerely, Demi Marie Obenour (she/her/hers)