Duane Roelands <duane.roela...@gmail.com> writes: > No, there's really not a good solution for open source developers. :(
If there really isn't a good solution for open source developers, there isn't a good solution for *any* developers unless you're running through a private proxy (and even that has problems). I think that the PIN solution is about as workable as anything at the present, and haven't seen any solid ideas for improving upon it without breaking the core principles of OAuth. As far as app reputation and source reporting goes, the OAuth solution is no less secure than basic auth source parameters (there's no verification that an application is authorized to use a given source parameter). -Michael -- mouse, n: A device for pointing at the xterm in which you want to type.