On Thursday, March 03, 2011 12:13:38 PM Marcus Rueckert wrote:

On 2011-03-03 11:08:01 +0000, Andrew Wafaa wrote:

...

GNOME3 (and potential KDE?) includes libsocialweb, a social data aggregator that was used by MeeGo to provide the Social Services. It has now moved home from under the banner of MeeGo, to under the banner of GNOME. From the outset, the distributor would need to generate the relevant API keys - this is something that I did when I packaged up Smeegol.

The question I have is, now that it is no longer being going to be rolled out as part of Smeegol but openSUSE proper, who should be responsible for the keys? Should it be Novell, Non-Novell, or a team that comprises a mix of both, like say the GNOME team or similar? There are six (6) keys that need to be generated/maintained/managed: Twitter, Facbook, Last.fm, Flickr, Digg, MySpace

The reason for asking is that someone needs to be responsible for any misuse, updates, changes etc as required by the service.

the opensuse board and later the opensuse foundation at least for the opensuse part. for SLE i think the desktop team should create their own keys.

This is one option, the could also delegate it or we all agree on who collects them. I volunteer to take care of this, let me check quickly with the board... Andreas -- Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org} Twitter: jaegerandi | Identica: jaegerandi SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org

On Friday, March 04, 2011 02:22:33 PM Chuck Payne wrote:

On Fri, Mar 4, 2011 at 3:26 AM, Andreas Jaeger wrote:

...

On Thursday, March 03, 2011 12:13:38 PM Marcus Rueckert wrote:

...

On 2011-03-03 11:08:01 +0000, Andrew Wafaa wrote:

...

GNOME3 (and potential KDE?) includes libsocialweb, a social data aggregator that was used by MeeGo to provide the Social Services. It has now moved home from under the banner of MeeGo, to under the banner of GNOME. From the outset, the distributor would need to generate the relevant API keys - this is something that I did when I packaged up Smeegol.

The question I have is, now that it is no longer being going to be rolled out as part of Smeegol but openSUSE proper, who should be responsible for the keys? Should it be Novell, Non-Novell, or a team that comprises a mix of both, like say the GNOME team or similar? There are six (6) keys that need to be generated/maintained/managed: Twitter, Facbook, Last.fm, Flickr, Digg, MySpace

The reason for asking is that someone needs to be responsible for any misuse, updates, changes etc as required by the service.

the opensuse board and later the opensuse foundation at least for the opensuse part. for SLE i think the desktop team should create their own keys.

This is one option, the could also delegate it or we all agree on who collects them.

I volunteer to take care of this, let me check quickly with the board... Andreas -- Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org} Twitter: jaegerandi | Identica: jaegerandi SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org

Andreas, can you be a bit clearer for me. I know we have a team of people that take care of twitter and facebook, but I am not sure what you are saying.

We speak about applications that need to register a key with e.g.faceboook before users can use them. We have to do this once for every application before our users can then use the apps and authenticate them in e.g.facebook to access their data. Andreas -- Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org} Twitter: jaegerandi | Identica: jaegerandi SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org

Hi Alan,

Andrew, given your experience what security measures will be necessary for these keys? Will there be a need for some elaborate security process or a simple trusted Keymaster to keep track of the keys?

I wouldn't say there are any security measures per se. It is more a matter of managing, so a keymaster or similar would be sufficient. Basically it is a matter of having some unit responsible for the generation of the keys, and also keeping track of what keys are for what service. When a user makes a post using the key, it would display as coming from "$SERVICE on openSUSE" or similar. So ultimately openSUSE needs to know what services and what apps using their key are. It is a subtle form of marketing, as an example Ubuntu replaced the API key in Gwibber (social network client for GNOME) with their own key and it displays as posted from "Ubuntu"; Fedora have done something similar and it displays as "Fedora-Gwibber" or similar. Regards, Andy -- Andrew Wafaa IRC: FunkyPenguin GPG: 0x3A36312F openSUSE: Get It, Discover It, Create It at http://www.opensuse.org -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org