How difficult is it to, as part of the build, check for a key file, if  
it doesn't exist, go to Twitter and do the stuff to get the tokens,  
parse the tokens and save in the key file, and then continue on with  
the build. Seems easy enuff.

-- Bruce
Sent from my iPhone

On Jul 1, 2009, at 8:23 AM, Andrew Badera <and...@badera.us> wrote:

>
> But that's the choice you're forced to make by OAuth, not Twitter. And
> it is YOUR choice. Personally, I would probably use the conventional
> mechanisms of open source: mailing lists, special interest and user
> groups. Pound the pavement and promote yourself. Who said it was going
> to be "easy"?
>
>
> On Wed, Jul 1, 2009 at 11:22 AM, JDG<ghil...@gmail.com> wrote:
>> The problem is that by everyone getting their own consumer keys,  
>> the source
>> parameter will be different for every person. Now, I'm not  
>> interested in
>> getting my name in lights in the Twitter world -- I could honestly  
>> care
>> less. That said, if I'm going to spend a significant portion of my  
>> time
>> creating an open source app for people to enjoy, I'd like for  
>> people to
>> actually know that they can use it, and the source parameter is by  
>> far the
>> easiest way to accomplish that.
>>
>> On Wed, Jul 1, 2009 at 09:10, Andrew Badera <and...@badera.us> wrote:
>>>
>>> No one's snarking, but again, interesting you would interpret it  
>>> that way.
>>>
>>> Open source all you want, each person deploying an instance will  
>>> have
>>> to get their own keys. What's so tough about that?
>>>
>>>
>>>
>>> On Wed, Jul 1, 2009 at 11:07 AM,  
>>> DWRoelands<duane.roela...@gmail.com>
>>> wrote:
>>>>
>>>> Andrew,
>>>>
>>>> This isn't about credit in the source parameter.  It's about
>>>> application security.
>>>>
>>>> Twitter has stated that Basic Auth will eventually be deprecated.
>>>> OAuth will eventually be the only method of authentication  
>>>> available.
>>>> When that happens, developers of open source clients will be  
>>>> forced to
>>>> reveal their Consumer Key Secret.
>>>>
>>>> This is a very real problem; open-source developers of desktop  
>>>> clients
>>>> will have to reveal their Consumer Key Secret.
>>>>
>>>> Can we keep this discussion focused on the technical issues at  
>>>> hand,
>>>> rather than snarking about one another's motives?  It's not
>>>> productive.
>>>>
>>>> Regards,
>>>> Duane
>>>>
>>>>
>>>> On Jul 1, 10:57 am, Andrew Badera <and...@badera.us> wrote:
>>>>> Not what I said in the least, but it's interesting that you should
>>>>> interpret it that way.
>>>>>
>>>>> Re-read what I said.
>>>>>
>>>>> If someone is open sourcing something, in the true spirit of open
>>>>> source, they shouldn't care about getting credit in the source
>>>>> parameter.
>>>>>
>>>>> Thanks you and good night, I'm here all week, try the veal, don't
>>>>> forget to tip your waitresses and angry developers.
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jul 1, 2009 at 10:50 AM, Cameron  
>>>>> Kaiser<spec...@floodgap.com>
>>>>> wrote:
>>>>>
>>>>>>> Yes, but don't distribute it. Obviously config files are human
>>>>>>> readable, but you blank out secrets before publishing them.
>>>>>
>>>>>>> People using open source libraries will have to get their own  
>>>>>>> keys.
>>>>>>> So, either you really are contributing in the spirit of open  
>>>>>>> source,
>>>>>>> and you don't care about getting credit, or you're doing it  
>>>>>>> for self
>>>>>>> promotional purposes, and the conversation is moot anyhow.
>>>>>
>>>>>> That's an asinine statement. So everybody who doesn't make  
>>>>>> their open
>>>>>> source software anonymous is a publicity whore?
>>>>>
>>>>>> --
>>>>>> ------------------------------------
>>>>>> personal:http://www.cameronkaiser.com/--
>>>>>>  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
>>>>>> ckai...@floodgap.com
>>>>>> -- In memory of John Banner
>>>>>> ---------------------------------------------------
>>>>
>>
>>
>>
>> --
>> Internets. Serious business.
>>

Reply via email to