Hi Ken, > It does seem unfortunate that the official rules don't permit OSS > projects
https://developers.google.com/terms#b_confidential_matters says b. Confidential Matters Developer credentials (such as passwords, keys, and client IDs) are intended to be used by you and identify your API Client. You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects. Take the closed-source API client. How does it ‘make reasonable efforts to prevent and discourage other API Clients from using your credentials’? It's not shipping source, but does embedding it somewhere inside an ELF executable count as reasonable? I disassemble machine code a lot, so perhaps it's only reasonable if they make some effort to disguise it? How is that different to an open-source project shipping the API key as two parts: an encryption key and the encrypted API key? It seems reasonable to me. It's probably not too hard to make it as awkward to get the plain-text key as it is to disassemble. Or, we ship a proprietary closed-source blob, or download it if it's not present, and lo, we've set the bar as high as those closed-source shippers. IANAL. The answers I got from a FSF lawyer about the implications of signing their copyright assignment many years ago suggest to me that those who have signed it probably don't interpret it as a lawyer does. :-) -- Cheers, Ralph.
