The importance is a bit arbitrary. From the security point of view, there is really no benefit in having this feature.
However, there is a real case for it, because service providers might have some guidelines on where the application keys can appear and where they cannot: I recall Ken telling me that Twitter was unhappy about having the application keys visible in the Gwibber's source code, and just moving them to the debian/rules files made them happier. It's illogical, but it can happen. There is anyway another reason why this feature is needed: in some cases, authentication parameters are known only at run time, and therefore cannot be encoded in any static file. The example (and the reason why I hurried to fix this bug) is UbuntuOne, whose "TokenName" parameter is based on the device's hostname, which is changeable. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1554040 Title: Allow hiding authentication data in scope binary To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity-scopes-api/+bug/1554040/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
