| From: | mcatanzaro-AT-gnome.org |
| To: | Nathan Graule <solarliner-AT-gmail.com> |
| Subject: | Re: GNOME Online Accounts 3.34 won't have documents support |
| Date: | Sun, 27 Jan 2019 19:45:45 -0600 |
| Message-ID: | <1548639945.60824.3@posteo.de> |
| Cc: | Allan Day <aday-AT-gnome.org>, GNOME Desktop Development List <desktop-devel-list-AT-gnome.org> |
| Archive-link: | Article |

On Sun, Jan 27, 2019 at 6:32 PM, Nathan Graule via desktop-devel-list
<desktop-devel-list@gnome.org> wrote:
> Given what I've read about the Google policy (and I don't know how
> much of that was added with the Jan. 15 revision), but it seems like
> the very concept of GOA as a centralized account repository goes
> against Google rules. Google wants to know by whom the OAuth key will
> be used, and how. Under an open system where any third party can
> implement access to GOA, GNOME cannot tell Google about
> the use of the key (which is part of what they're asking in their
> request, as the ansible issue presents <#2>).
> Therefore GOA *needs* to change somewhat. At the very least, it
> cannot let third-party applications use the GNOME OAuth key to access
> Google APIs.

Question: the GNOME key is necessarily public, since it's open source
and we don't have secret sauce in the build system. GNOME can't stop
random apps from using it. Right? The g-o-a README says this is allowed:

https://gitlab.gnome.org/GNOME/gnome-online-accounts/blob...

So there's no way we can ever stop random applications from using the
GNOME key and pretending to be us, right? It just works because nobody
has decided to abuse it yet?

Michael