On Mon, 31 Aug 2020 20:44:42 -0400, Ken Hornstein said:
- Paragraph 4.b.1, which states that "You will keep your credentialsconfidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects." prohibits the use of OAuth credentials in free software projects. As I wrote above (and earlier), Google tolerates (at the moment) that this specific point of their TOS is violated. But that doesn't mean that violating them is without legal risk.Oof, fair enough. It does seem unfortunate that the official rules don't permit OSS projects; I wish there was a way for a user to create their own custom API key and they could just add that to their account. Honestly, I am fine with doing what KMail did (since that's what we did before).
Oh, it's fairly easy for a user to create their own custom API key for their own instance of fetchmail. What's *not* permitted is for a *project* to ship a tarball or whatever with a key usable by everybody who installs the package. Which of course is actually pretty reasonable - imagine the flamestorm if openssh shipped a public/private keypair that it installed on every machine.....
pgprVNV9SC5fw.pgp
Description: PGP signature