Hi Cedric, On Thu, Nov 07, 2013 at 09:53:47AM -0800, =?ISO-8859-1?Q?C=E9dric_Bosdonnat_ <cedric.bosdonnat@free.fr>, ?= wrote:
OAuth2 application keys shouldn't be in the code.
The GDrive OAuth2 key is now defined at configure time. If either the
client secret or client id is missing, the Google Drive connectivity
will be disabled at runtime.
Tinderboxes can set up a GDrive key, but they need to make sure it's
not persisting in the build log.
I understand that open-source and all this key management is quite a pain and a conflicting area. However, what's the plan here, do you want TDF to create some official key, and then TDF builds would use that, or? What I would like to avoid is that this worked fine in 4.2-alpha, gets release-noted, but at the end the TDF builds won't have this feature. We had that issue with the bluetooth remote control already. ;-) Also, given the old key is still in git history, can that be used by developers, or there is a plan to revoke the old (public) key? Thanks, Miklos
Attachment:
signature.asc
Description: Digital signature