Mailinglist Archive: opensuse-project (539 mails)

< Previous Next >
Re: [opensuse-project] Keys to Social APIs, who should generate them
Hi Alan,

Andrew, given your experience what security measures will be necessary for
these keys? Will there be a need for some elaborate security process or a
simple trusted Keymaster to keep track of the keys?

I wouldn't say there are any security measures per se. It is more a
matter of managing, so a keymaster or similar would be sufficient.
Basically it is a matter of having some unit responsible for the
generation of the keys, and also keeping track of what keys are for
what service. When a user makes a post using the key, it would
display as coming from "$SERVICE on openSUSE" or similar. So
ultimately openSUSE needs to know what services and what apps using
their key are.

It is a subtle form of marketing, as an example Ubuntu replaced the
API key in Gwibber (social network client for GNOME) with their own
key and it displays as posted from "Ubuntu"; Fedora have done
something similar and it displays as "Fedora-Gwibber" or similar.



Andrew Wafaa
IRC: FunkyPenguin
GPG: 0x3A36312F
openSUSE: Get It, Discover It, Create It at
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-project+help@xxxxxxxxxxxx

< Previous Next >