On Mon, Oct 28, 2013 at 6:35 PM, Paul Wise <[email protected]> wrote: > Moving the keys to a file on the installed system sounds like a good > idea. I would suggest compile-time and run-time options for this, as > well as checking paths in the user's home directory. >
There already are compile-time options and run-time options (using environment variables), see http://www.chromium.org/developers/how-tos/api-keys . Could you explain more how checking paths in the user’s home directory should work? Do you have any recommendation for the system-wide API keys file location? Similarly, do you have a preference of the format of that file? JSON is one reasonable idea I think. > Paweł, could you explain the motivations and intentions of the > Chromium and Google API teams here? > Note that I’m only speaking on my behalf here, not of Google, and not of Chromium project. Quoting from the message sent to Chromium packagers: The goal is to require keys for access, so that potential abuse of these > APIs can be more > easily detected and addressed. The goal of providing Chromium packagers the keys is to help keep Chromium a full-featured, completely open browser. Google Chrome only supports a limited set of distributions (BSDs are not supported at all), while Chromium can be compiled and run on more platforms. Instructions from http://www.chromium.org/developers/how-tos/api-keys may be too technical to follow by an average user, and the goal of including the keys inside the package is to make everything work out of the box. Your suggestions how to implement that are welcome - I’d certainly like to explore them. Debian cannot comply with the Google API terms, will Google therefore > revoke the API keys that we are using and block Debian users from > using Google APIs? > I obviously cannot answer this question. Note however, that packagers have received an official permission to redistribute the keys (quoting from the message sent to Chromium packagers): On behalf of Google Chrome Team I am providing you with: > Official permission to include Google API keys in your packages and to > distribute these > packages. The remainder of the Terms of Service for each API applies, but > at this time you > are not bound by the requirement to only access the APIs for personal and > development use, > and Additional quota for each API in an effort to adequately support your > users. Paweł
