[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Has anyone looked at JMAP?
From: |
Valdis Klētnieks |
Subject: |
Re: Has anyone looked at JMAP? |
Date: |
Wed, 02 Sep 2020 09:57:05 -0400 |
On Mon, 31 Aug 2020 20:44:42 -0400, Ken Hornstein said:
> >- Paragraph 4.b.1, which states that "You will keep your credentials
> >> confidential and make reasonable efforts to prevent and discourage other
> >> API Clients from using your credentials. Developer credentials may not be
> >> embedded in open source projects." prohibits the use of OAuth credentials
> >> in free software projects. As I wrote above (and earlier), Google
> >> tolerates (at the moment) that this specific point of their TOS is
> >> violated. But that doesn't mean that violating them is without legal
> >> risk.
>
> Oof, fair enough. It does seem unfortunate that the official rules don't
> permit OSS projects; I wish there was a way for a user to create their
> own custom API key and they could just add that to their account. Honestly,
> I am fine with doing what KMail did (since that's what we did before).
Oh, it's fairly easy for a user to create their own custom API key for their
own instance of fetchmail. What's *not* permitted is for a *project* to ship a
tarball or whatever with a key usable by everybody who installs the package.
Which of course is actually pretty reasonable - imagine the flamestorm if
openssh shipped a public/private keypair that it installed on every
machine.....
pgp2gIkR_GgVq.pgp
Description: PGP signature
- Re: Has anyone looked at JMAP?,
Valdis Klētnieks <=