Am Samstag, 10. August 2019, 20:32:00 CEST schrieb John Ralls: > > the German online banking users have received notice from their banks that > > due to EU regulations, from mid-September onwards (Sept 14th) the banking > > client software has to use a registered product key, otherwise the bank > > server connection will be refused. > > > > (In German: https://www.hbci-zka.de/register/prod_register.htm ) > > > > For gnucash, I have registered and received such a product key, and in the > > communication to me there haven't been any restrictions that would pose > > problems for open source software. Hence, as long as gnucash will stick to > > this procedure and send the product key, the users (and we) should be > > fine. > > Apparently the bank servers were supposed to have switched over last week, > see https://www.hbci-zka.de/register/register_faq.htm. The 14 September > deadline seems to have something to do with using FinTS bank interfaces via > third party services, see https://subsembly.com/apidoc/fints/index.html > under "PSD2 Client Registration". I suppose some users may have configured > GnuCash to do that and now will have to reconfigure to talk to their banks > instead. There's nothing we can do about that.
The information on the zka.de website about the dates is (no pun intended) outdated and the information is also unchanged for many months there. The date of Sept. 14th is what various users received as notification from their banks quite recently, that's where this date is from. > Regardless, we can do a snap release as soon as we can get the registration > number issue sorted and I can make time to do the release. The windows nightly has built last night. On gnucash-de I asked windows-users to start testing it. Let's see whether this is indeed sufficiently implemented. Once some positive feedback has arrived, a 3.7 release sometime in August would indeed be great - as it fits best for you. > I am a bit concerned about the registration number being published. What's > to prevent a bad actor from taking it and using it in a different, > malicious, application? What might be the consequences? Would DK revoke > GnuCash's registration? I think it more likely that the folks at DK didn't > even consider the possibility that there might be an open source financial > application than that it doesn't matter to them. I totally understand these concerns, and it holds for any open source project here, not only ours. Such as: KMyMoney, Hibiscus, aqbanking, but there are surely more. As it turns out, we've discussed those very same points on gnucash-de several months ago (in German) because the various people there came up with the same questions. Some people have asked at the ZKA for a statement regarding their view on open source software. Eventually we got a reply which is in our favor: This registration number has no legal obligations behind it. It is merely a tool for guiding the user support into better suited answers. There's no security level introduced by this here, and it is known to the ZKA that open source software will have this number observable in the public source code. Yes, this in turn questions the whole point of this fuzz... on the other hand, if the bank server will otherwise refuse the whole online connection in the first place, we also have to do something about it. Regards, Christian _______________________________________________ gnucash-devel mailing list firstname.lastname@example.org https://lists.gnucash.org/mailman/listinfo/gnucash-devel