Re: GNOME Online Accounts 3.34 won't have documents support
- From: mcatanzaro gnome org
- To: Nathan Graule <solarliner gmail com>
- Cc: Sriram Ramkrishna <sri ramkrishna me>, Allan Day <aday gnome org>, GNOME Desktop Development List <desktop-devel-list gnome org>
- Subject: Re: GNOME Online Accounts 3.34 won't have documents support
- Date: Sun, 27 Jan 2019 19:45:45 -0600
On Sun, Jan 27, 2019 at 6:32 PM, Nathan Graule via desktop-devel-list
<desktop-devel-list gnome org> wrote:
Given what I've read about the Google policy (and I don't know how
much of that was added with the Jan. 15 revision), but it seems like
the very concept of GOA as a centralized account repository goes
against Google rules. Google wants to know by whom the OAuth key will
be used, and how. Under an open system where any third-party can
implement access to GOA, GNOME cannot be able to tell Google about
the use of the key (which is part of what they're asking in their
request, as the ansible issue presents <#2>).
Therefore GOA *needs* to change somewhat. At the very least, it
cannot let third-party applications use the GNOME OAuth key to access
Google APIs.
Question: the GNOME key is necessarily public, since it's open source
and we don't have secret sauce in the build system. GNOME can't stop
random apps from using it. Right? The g-o-a README says this is allowed:
https://gitlab.gnome.org/GNOME/gnome-online-accounts/blob/bf77325d847d2878159e8ba2677768b2fe6386a6/README#L58
So there's no way we can ever stop random applications from using the
GNOME key and pretending to be us, right? It just works because nobody
has decided to abuse it yet?
Michael
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
