Date: Wed, 29 May 2013 23:21:23 -0700 From: Xin Li <delphij@delphij.net> To: =?ISO-8859-1?Q?Ren=E9_Ladan?= <rene@freebsd.org> Cc: freebsd-chromium@freebsd.org, phajdan.jr@chromium.org Subject: Re: using API keys in the FreeBSD Chromium port Message-ID: <51A6EFE3.7030306@delphij.net> In-Reply-To: <51A5F67F.3010706@freebsd.org> References: <51A5F67F.3010706@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 5/29/13 5:37 AM, René Ladan wrote: > Hi, > > the patch at [1] enables the use of FreeBSD API keys which allows > things like Google Sync to work. However [3] states that these > keys "are not for distribution purposes and must not be shared with > other users". There has been some discussion about this on how to > deal with this for source-based at [2], but it seems no consensus > has been reached. Is it permitted to include these keys in the > FreeBSD Ports Tree, and if not, are there any alternatives? What's the purpose of these keys? E.g. are they used to encrypt sensitive information, or are they used to identify that "this user is running this client, unchanged"? I personally don't think it's very practical to protect the key -- it has to be embedded into the binary some way, encrypted or encoded, or stored as plain text, and has to be decrypted/decoded to plain text before use, so anyone who do the due diligent would be able to get it, binary or source code. The only way to mitigate the problem, I think, would be to use a new key every new version and invalidate older ones from time to time, but that doesn't really solve the problem I guess. Cheers, -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJRpu/jAAoJEG80Jeu8UPuzRxoH/jm0XlV1KrviaxXBW303YaoF nqvJouXbt5qbgI7u/j3GSToJ/yUZLS0FT3OhLXEClven0nLj5sdR1Ru6EIjlKCwO 6wh6CbMhDhnn08crzFAD7jotDfcXDwX5yoqKsX1U6IE1it1t8K9Nx3nvVIca1bIS uMSWXpzNF8BPv9cOAjKm+NHAwsrm5qUOxuyiakNM2E/heRkF+6IG5AQwPd5WUKKS mUl5a8JnkvOf3T+ufFkkq9ehafHG9ADXkMiqvyW2BMb/e1ka6i8zazf6EX4Js19T tysv12ebw13vGqOXxSZ/62/gOhZJyc8siyPjybfmQ/nCnBiQmV2shBEE1uPO/mE= =Hi0t -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51A6EFE3.7030306>