On Mon, 31 Aug 2020 20:44:42 -0400, Ken Hornstein said: > >- Paragraph 4.b.1, which states that "You will keep your credentials > >> confidential and make reasonable efforts to prevent and discourage other > >> API Clients from using your credentials. Developer credentials may not be > >> embedded in open source projects." prohibits the use of OAuth credentials > >> in free software projects. As I wrote above (and earlier), Google > >> tolerates (at the moment) that this specific point of their TOS is > >> violated. But that doesn't mean that violating them is without legal > >> risk. > > Oof, fair enough. It does seem unfortunate that the official rules don't > permit OSS projects; I wish there was a way for a user to create their > own custom API key and they could just add that to their account. Honestly, > I am fine with doing what KMail did (since that's what we did before).
Oh, it's fairly easy for a user to create their own custom API key for their own instance of fetchmail. What's *not* permitted is for a *project* to ship a tarball or whatever with a key usable by everybody who installs the package. Which of course is actually pretty reasonable - imagine the flamestorm if openssh shipped a public/private keypair that it installed on every machine.....
pgpEIP4Rkm01d.pgp
Description: PGP signature