Re: Clarifications regarding GNOME Online Accounts


On Mon, 18 Feb 2019 09:52:54 -0600, mcatanzaro gnome org wrote:
On Sun, Feb 17, 2019 at 7:20 AM, Sam Thursfield <ssssam gmail com> 


3. continue distributing a "GNOME key" with the source code, and hope 
that Google don't mind

I suggest we don't continue to willfully violate Google's terms of 
service now that the issue has been brought to our attention. The only 
reasonable option seems to be to shut down our Google integration. Not 
just from g-o-a, but also the Safe Browsing support in Epiphany.

At least in the case of Safe Browsing, I think it would make more sense to
figure out what Firefox, Vivaldi, or even *Chromium* are doing, or at least
contact someone inside Google.

Also, looking at [1] I can see how there can be options which are not “throw
grenade, run away, burn feature”. One that immediately popped into my mind
would be to store the complete database and use the update API to keep it
up-to-date; then expose it as a service ran by GNOME (even with the same REST
API as Google does) [2]. Only the machine which fetches updates needs to have
the actual API key used to contact Google's service.

On the other hand, knowing that using the Safe Browsing service mandates
adding a cookie [3], one could make a case for either removing the support,
or at least not using Google's service 🤔



[2] Though something like this would need some clarification on what is the
    license of the database

Attachment: pgpGpNPIPfuRW.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]