> On Aug 10, 2019, at 4:20 AM, Christian Stimming <christ...@cstimming.de> 
> wrote:
> Dear developers,
> the German online banking users have received notice from their banks that 
> due 
> to EU regulations, from mid-September onwards (Sept 14th) the banking client 
> software has to use a registered product key, otherwise the bank server 
> connection will be refused.
> (In German: https://www.hbci-zka.de/register/prod_register.htm )
> For gnucash, I have registered and received such a product key, and in the 
> communication to me there haven't been any restrictions that would pose 
> problems for open source software. Hence, as long as gnucash will stick to 
> this procedure and send the product key, the users (and we) should be fine.
> However, as our banking library aqbanking only recently introduced the 
> necessary API for this, it was not before July 7th that this code has been 
> introduced into gnucash, which means our last stable version gnucash-3.6 does 
> not yet contain this.
> My question is: Can we schedule the 3.7 release somewhat earlier than our 
> normal 3-month schedule, so that this release is available before the bank 
> server change in mid-September? Normal schedule for 3.7 is End of September, 
> but this is too late for users of this feature.
> In theory, any release date between now and Sept 14th would be fine, although 
> the earlier we do this, the earlier the respective updates can be tested by 
> the users. Maybe around August 20th?


Apparently the bank servers were supposed to have switched over last week, see 
https://www.hbci-zka.de/register/register_faq.htm. The 14 September deadline 
seems to have something to do with using FinTS bank interfaces via third party 
services, see https://subsembly.com/apidoc/fints/index.html under "PSD2 Client 
Registration". I suppose some users may have configured GnuCash to do that and 
now will have to reconfigure to talk to their banks instead. There's nothing we 
can do about that.

Regardless, we can do a snap release as soon as we can get the registration 
number issue sorted and I can make time to do the release.

I am a bit concerned about the registration number being published. What's to 
prevent a bad actor from taking it and using it in a different, malicious, 
application? What might be the consequences? Would DK revoke GnuCash's 
registration? I think it more likely that the folks at DK didn't even consider 
the possibility that there might be an open source financial application than 
that it doesn't matter to them.

John Ralls

gnucash-devel mailing list

Reply via email to