OAuth Client Ids in packages?
bjoern
bjoern.michaelsen at canonical.com
Thu Dec 12 17:01:55 UTC 2013
Hi Luke,
On Thu, Dec 12, 2013 at 11:34:03AM -0500, Luke Faraone wrote:
> Google states in its API documentation[1] that they do not expect
> applications installed on user sites to be able to keep secrets from the
> user, so I don't think it will be problematic for you.
>
> Google themselves include some keys in their open source projects, see
Thanks that is helpful. Ill see how upstream goes with this. Its not much of an
issue on Linux I assume, where a revoked key would mean merely a libcmis
update. Other platforms (OS X, Windows), where LibreOffice is essentially a
distro on its own it might make things more tricky: You dont want force a full
LibreOffice update, just because a key was abused and revoked.
Best,
Bjoern
More information about the ubuntu-devel
mailing list