On Mon, 2017-03-27 at 14:57 +0200, Matlink wrote: > A token authentication is now privided. By default, gplaycli will > retrieve a token from a server I control, and use it to talk with the > Google servers.
Seems like a reasonable compromise. I think you probably want to drop gmail_password from the default configuration file and change the password again? Would it be possible to serve it on the same domain as your website instead of a subdomain? TLS SNI means gplaycli basically says "I'm getting a gplaycli token!" in plaintext on the network all the time. This would need another release to change the default token server. Please update your webserver and token-dispenser config to disable logging of all requests to the token server. > I hope this version will be added to stretch since it fixes that RC > bug, if everyone agrees. The changes seem suitable for Debian stretch to me. Once it gets uploaded to Debian, you will need to file an unblock: https://release.debian.org/testing/freeze_policy.html -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
