Thursday, 12 December 2013

Re: OAuth Client Ids in packages?

Hi Luke,

On Thu, Dec 12, 2013 at 11:34:03AM -0500, Luke Faraone wrote:
> Google states in its API documentation[1] that they do not expect
> applications installed on user sites to be able to keep secrets from the
> user, so I don't think it will be problematic for you.
>
> Google themselves include some keys in their open source projects, see

Thanks that is helpful. Ill see how upstream goes with this. Its not much of an
issue on Linux I assume, where a revoked key would mean merely a libcmis
update. Other platforms (OS X, Windows), where LibreOffice is essentially a
distro on its own it might make things more tricky: You dont want force a full
LibreOffice update, just because a key was abused and revoked.

Best,

Bjoern

--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel