Hi,

On Mon, 18 Feb 2019 09:52:54 -0600, mcatanzaro gnome org wrote:

> On Sun, Feb 17, 2019 at 7:20 AM, Sam Thursfield <ssssam gmail com> wrote:
> > [...]
> > 3. continue distributing a "GNOME key" with the source code, and hope that Google don't mind
>
> I suggest we don't continue to willfully violate Google's terms of service now that the issue has been brought to our attention. The only reasonable option seems to be to shut down our Google integration. Not just from g-o-a, but also the Safe Browsing support in Epiphany.

At least in the case of Safe Browsing, I think it would make more sense to figure out what Firefox, Vivaldi, or even *Chromium* are doing, or at least contact someone inside Google.

Also, looking at [1] I can see how there can be options which are not “throw grenade, run away, burn feature”. One that immediately popped into my mind would be to store the complete database and use the update API to keep it up-to-date; then expose it as a service run by GNOME (even with the same REST API as Google does) [2]. Only the machine which fetches updates needs to have the actual API key used to contact Google's service.

On the other hand, knowing that using the Safe Browsing service mandates adding a cookie [3], one could make a case for either removing the support, or at least not using Google's service 🤔

Cheers,

-Adrián

---
[1] https://developers.google.com/safe-browsing/v4/
[2] Though something like this would need some clarification on what is the license of the database
[3] https://ashkansoltani.org/2012/02/25/cookies-from-nowhere/
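
The locally stored database idea from the message above, sketched as an added example (not part of the original message and not GNOME or Epiphany code): applying one Safe Browsing v4 Update API list response to a stored prefix list, verifying its checksum, and testing a URL expression against it. It assumes raw (uncompressed) hash prefixes and already-canonicalised URL expressions; the helper names and the sample responses in `demo()` are constructed.

```python
import base64
import hashlib

def b64(data):
    return base64.b64encode(data).decode()

def split_prefixes(raw):
    """Decode one rawHashes object into its fixed-size hash prefixes."""
    size, blob = raw["prefixSize"], base64.b64decode(raw["rawHashes"])
    if not 4 <= size <= 32 or len(blob) % size:
        raise ValueError("malformed rawHashes entry")
    return [blob[i:i + size] for i in range(0, len(blob), size)]

def apply_update(local, resp):
    """Apply one list update response; return the new sorted prefix list."""
    current = [] if resp["responseType"] == "FULL_UPDATE" else sorted(local)
    # Removal indices refer to the sorted list as it was before this update.
    drop = {i for e in resp.get("removals", []) for i in e["rawIndices"]["indices"]}
    current = [p for i, p in enumerate(current) if i not in drop]
    for entry in resp.get("additions", []):
        current.extend(split_prefixes(entry["rawHashes"]))
    current.sort()
    # Accept the new state only if it matches the server-supplied checksum.
    digest = hashlib.sha256(b"".join(current)).digest()
    if digest != base64.b64decode(resp["checksum"]["sha256"]):
        raise ValueError("checksum mismatch: drop local state, request full update")
    return current

def prefix_hit(local, expression):
    """True if SHA-256(expression) starts with a stored prefix. A hit is only
    a candidate: it must still be confirmed against the full hashes."""
    full = hashlib.sha256(expression.encode()).digest()
    return any(full.startswith(p) for p in local)

def demo():
    """Constructed responses: a full update, then a partial one removing index 0."""
    a = hashlib.sha256(b"malware.example/").digest()[:4]
    b = hashlib.sha256(b"phish.example/login").digest()[:4]
    first, second = sorted([a, b])
    full = {"responseType": "FULL_UPDATE",
            "additions": [{"rawHashes": {"prefixSize": 4, "rawHashes": b64(a + b)}}],
            "checksum": {"sha256": b64(hashlib.sha256(first + second).digest())}}
    db = apply_update([], full)
    partial = {"responseType": "PARTIAL_UPDATE",
               "removals": [{"rawIndices": {"indices": [0]}}],
               "checksum": {"sha256": b64(hashlib.sha256(second).digest())}}
    return db, apply_update(db, partial)

if __name__ == "__main__":
    before, after = demo()
    print(len(before), "prefixes, then", len(after))
```

In the arrangement described in the message, only the process that fetches these responses would hold the API key; the lookup side works from the stored prefixes alone.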