Sounds like the assumption is that part of the keypair is in the source. That is clearly a bad idea ... The software should obly provide for processes and not ever content

Sent from my iPhone

On Jul 1, 2009, at 11:10 AM, Andrew Badera <and...@badera.us> wrote:


No one's snarking, but again, interesting you would interpret it that way.

Open source all you want, each person deploying an instance will have
to get their own keys. What's so tough about that?



On Wed, Jul 1, 2009 at 11:07 AM, DWRoelands<duane.roela...@gmail.com> wrote:

Andrew,

This isn't about credit in the source parameter.  It's about
application security.

Twitter has stated that Basic Auth will eventually be deprecated.
OAuth will eventually be the only method of authentication available.
When that happens, developers of open source clients will be forced to
reveal their Consumer Key Secret.

This is a very real problem; open-source developers of desktop clients
will have to reveal their Consumer Key Secret.

Can we keep this discussion focused on the technical issues at hand,
rather than snarking about one another's motives?  It's not
productive.

Regards,
Duane


On Jul 1, 10:57 am, Andrew Badera <and...@badera.us> wrote:
Not what I said in the least, but it's interesting that you should
interpret it that way.

Re-read what I said.

If someone is open sourcing something, in the true spirit of open
source, they shouldn't care about getting credit in the source
parameter.

Thanks you and good night, I'm here all week, try the veal, don't
forget to tip your waitresses and angry developers.



On Wed, Jul 1, 2009 at 10:50 AM, Cameron Kaiser<spec...@floodgap.com> wrote:

Yes, but don't distribute it. Obviously config files are human
readable, but you blank out secrets before publishing them.

People using open source libraries will have to get their own keys. So, either you really are contributing in the spirit of open source, and you don't care about getting credit, or you're doing it for self
promotional purposes, and the conversation is moot anyhow.

That's an asinine statement. So everybody who doesn't make their open
source software anonymous is a publicity whore?

--
------------------------------------ personal:http://www.cameronkaiser.com/--
Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com -- In memory of John Banner ---------------------------------------------------

Reply via email to