On Mon, Aug 31, 2020 at 3:46 PM Ken Hornstein <[email protected]> wrote:
> >AIUI, Google was planning on discontinuing LSA access late this year for > >gmail accounts (hosted GSuite accounts had a different timeline but the > >same goal). Instead, apps can apply for an app-specific "secret", but on > >terms that specifically disallow open-source code from shipping the > secret. > > Well ... we've been dealing with this as well. Our reading of the terms > is that the issue isn't with open source software at all, but more about > how you prove that you're "you" (we shipped a secret that worked until > very recently). I don't see anything that really disallows OSS, though! > Here's the part that came across emacs-devel: Google's terms of service for OAuth services are available at > https://developers.google.com/terms . Only a lawyer can tell you in brief > terms what the concrete requirements are. > ... - Paragraph 4.b.1, which states that "You will keep your credentials > confidential and make reasonable efforts to prevent and discourage other > API Clients from using your credentials. Developer credentials may not be > embedded in open source projects." prohibits the use of OAuth credentials > in free software projects. As I wrote above (and earlier), Google > tolerates (at the moment) that this specific point of their TOS is > violated. But that doesn't mean that violating them is without legal > risk. Hope that helps! ~Chad
