Re: gmail+imap+smtp (oauth2)

[tomas]

On Fri, May 06, 2022 at 07:38:12AM -0400, Stefan Monnier wrote:
> > Problem is, Google T&C require that the application ID is kept secret.
> > For open source, this is a problem because we cannot add the applicaiton
> > ID and keep it secret while making the code open source.
> 
> FWIW, it's also a problem for proprietary applications since the secret
> will necessarily be somewhere inside the executable as well.  It's a bit
> harder to find, and can be obfuscated to some extent, but as long as you
> can run the code inside a debugger and you have enough time on your
> hands to reverse engineer the workings of that part of the code you can
> also extract the application ID.

We know. They know. We know they know. They know we know they know.
We've been down this drm-keys-embedded-in-application tango so many
times already-

Now someone explain to me: why do they nevertheless do it?

Is it for having some T&C where they basically say "we'll
kick you out whenever we think we want to"?

I'm hard-pressed to come up with a friendlier interpretation.

Cheers
-- 
t

signature.asc
Description: PGP signature