[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: Is there way to include some sensitive credentials in builds?
From:       Kevin Kofler <kevin.kofler () chello ! at>
Date:       2020-06-16 0:02:38
Message-ID: rc926v$3i1a$1 () ciao ! gmane ! io
[Download RAW message or body]

Igor Raits wrote:
> I am packaging one nice GUI application (newsflash) that is working
> with API of some services like feedly. Those require some API key, but
> I think it is against their rules to have it included in the plain-text
> format in git. I am curious if there is a way how to get those passed
> during the build. The key can be passed as an environment variable on
> the user's system, but there is no way everybody will be getting their
> own keys and I think this is non-trivial process.

Unfortunately, this whole API key concept is inherently incompatible with 
the concept of Free Software.

The only thing that you can do is to get an API key for Fedora, ship it in 
dist-git no matter what the service's TOS say, and hope they won't ban the 
key. (Most services actually don't, because they know that their rules are 
not realistically enforcible to the letter for Free Software.) If they do 
ban the key, there is not much we can do unfortunately.

        Kevin Kofler
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

[prev in list] [next in list] [prev in thread] [next in thread]