Your message dated Thu, 8 Nov 2018 20:08:10 +0000
with message-id <20181108200810.600d2...@tizio.sur5r.net>
and subject line Re: Bug#913175: minitube sources exposes google API key
has caused the Debian Bug report #913175,
regarding minitube sources exposes google API key
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
913175: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913175
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: miniube
Version: version 2.9
Tags: security
Dear mantainer:
The file /debian/rules from the debian sources exposes a google API key,
This is sensitive information. That key should be considered compromised,
and could be potentially be abused by others.
Is there no better solution than to have this keys hardcoded in the sources?
best regards
Pablo De NĂ¡poli
--- End Message ---
--- Begin Message ---
tag 913175 wontfix
kthxbye
On Wed, 7 Nov 2018 17:00:40 -0300
Pablo De Napoli <pden...@gmail.com> wrote:
> The file /debian/rules from the debian sources exposes a google API
> key, This is sensitive information. That key should be considered
> compromised, and could be potentially be abused by others.
First, please see #852601 for reference. API keys are meant to identify
an application to the service. There is no way to hide them
effectively, even if the sources were not available.
> Is there no better solution than to have this keys hardcoded in the
> sources?
This was done before, as you can infer from the discussion in #852601.
Every user had to get a separate API key, which is way too cumbersome.
Plus it needlessly enables Google to track users even easier.
Regards,
sur5r
--
ceterum censeo microsoftem esse delendam.
pgpUFNtvhD9RI.pgp
Description: OpenPGP digital signature
--- End Message ---
