|
| From: | chad |
| Subject: | Re: Has anyone looked at JMAP? |
| Date: | Mon, 31 Aug 2020 16:25:11 -0700 |
>AIUI, Google was planning on discontinuing LSA access late this year for
>gmail accounts (hosted GSuite accounts had a different timeline but the
>same goal). Instead, apps can apply for an app-specific "secret", but on
>terms that specifically disallow open-source code from shipping the secret.
Well ... we've been dealing with this as well. Our reading of the terms
is that the issue isn't with open source software at all, but more about
how you prove that you're "you" (we shipped a secret that worked until
very recently). I don't see anything that really disallows OSS, though!
Google's terms of service for OAuth services are available at
https://developers.google.com/terms . Only a lawyer can tell you in brief
terms what the concrete requirements are.
...
- Paragraph 4.b.1, which states that "You will keep your credentials
confidential and make reasonable efforts to prevent and discourage other
API Clients from using your credentials. Developer credentials may not be
embedded in open source projects." prohibits the use of OAuth credentials
in free software projects. As I wrote above (and earlier), Google
tolerates (at the moment) that this specific point of their TOS is
violated. But that doesn't mean that violating them is without legal
risk.
| [Prev in Thread] | Current Thread | [Next in Thread] |