Re: GNOME Online Accounts 3.34 won't have documents support

On Sun, Jan 27, 2019 at 6:32 PM, Nathan Graule via desktop-devel-list <desktop-devel-list gnome org> wrote:
Given what I've read about the Google policy (and I don't know how much of that was added with the Jan. 15 revision), but it seems like the very concept of GOA as a centralized account repository goes against Google rules. Google wants to know by whom the OAuth key will be used, and how. Under an open system where any third-party can implement access to GOA, GNOME cannot be able to tell Google about the use of the key (which is part of what they're asking in their request, as the ansible issue presents <#2>). Therefore GOA *needs* to change somewhat. At the very least, it cannot let third-party applications use the GNOME OAuth key to access Google APIs.

Question: the GNOME key is necessarily public, since it's open source and we don't have secret sauce in the build system. GNOME can't stop random apps from using it. Right? The g-o-a README says this is allowed:

So there's no way we can ever stop random applications from using the GNOME key and pretending to be us, right? It just works because nobody has decided to abuse it yet?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]