Re,
Le 07/11/2016 à 19:03, Lee Garrett a écrit : > Hi, > > On 07/11/16 17:56, matlink wrote: >> Hi Lee, >> >> Well the main goal for gplaycli was to provide a noconf and very easy to >> use command line for downloading apks. > I totally see the appeal, which is why I'm using it and want to see it in good > shape in Debian. :) > I'm personally working towards a way to have a phone without any google apps. > >> Creating a google account is for some people not the best idea, because >> they either disagree with their ToS or they don't want to give Google >> too many infos (AFAIK Google requires a phone number). > Yes, good point. > >> I am totally aware of the issues that providing default credentials >> includes. Anyway, I am tired of resetting that default credentials' >> account password because a fool changes it. It's sad to see there are >> always such persons to mess everything up. > You can probably avoid people changing the password by activating 2FA. No idea > if gplaycli still works then, needs to be tested. If 2FA is enabled, I think that every attempt to connect with gplaycli will require a second authentication, which is not possible in such a scenario. I'll give it a try right now, but I'm pretty sure Google will refuse the connection since 2FA is enabled. > >> The approach you give seems interesting, however the simplicity of usage >> falls down. But I'm ready to get rid of these default credentials. Maybe >> the github version could provide defaults credentials, and the debian >> one does not? > How about the following: > > The updated package will ask via debconf if the user wants to provide > credentials. If confirmed, google user/pass will be accepted and an Android ID > generated. If denied, it will use your credentials, just as currently. In > non-interactive installations it'll default to your credentials. > > We'll provide in a README how to generate the Android ID, in case people want > to switch to their own credentials. Ideally it should just be adding new > credentials to /etc/gplaycli/credentials.conf and then just re-run a command > to generate the Android ID. I approve, but we will still provide default credentials, then not resolving the issue of misuse of this google account (password change, spam, ...). > >> I will need to investigate again on how to generate an AndroidID (Racoon >> does it well, Dummy Droid too, Hans-Christoph Steiner is on the way to >> package it for debian). > I'll look around. Last time I attempted it, I spent a few hours. Apparently > many tools that achieve this have suffered bit rot due to API changes. > >> To be honest, I'm out of time these days and I don't think it'll go >> better. Any help is greatly appreciated. >> >> Regards, > Regards, > Lee > > >> Le 07/11/2016 à 17:11, Lee Garrett a écrit : >>> Package: gplaycli >>> Followup-For: Bug #823004 >>> >>> Hi Matlink, >>> >>> the way gplaycli is shipped makes it problematic for several reasons: >>> - Sharing account passwords violates Google's ToS >>> - Someone could abuse that account for spamming via gmail, prompting Google >>> to disable the account >>> - Everyone can change the password (just checked) breaking every >>> installation of gplaycli >>> - It probably makes it easier to track gplaycli users >>> (probably more problems if I'd dig more) >>> >>> So the right approach must be: >>> Use debconf to ask for google account credentials (no defaults), then >>> generate the Android ID by >>> some other means. AFAICS this currently means that another tools needs to >>> be included/packaged to >>> generate this. >>> >>> You probably know better what the general approach is, if you could outline >>> them I'd be more than >>> happy to help with implementing this. >>> >>> Bumping the bug severity accordingly. >>> >>> Regards, >>> Lee >>> >>> -- System Information: >>> Debian Release: stretch/sid >>> APT prefers testing >>> APT policy: (500, 'testing'), (101, 'unstable'), (1, 'experimental') >>> Architecture: amd64 (x86_64) >>> Foreign Architectures: i386 >>> >>> Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) >>> Locale: LANG=en_GB.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) >>> Shell: /bin/sh linked to /bin/dash >>> Init: systemd (via /run/systemd/system) -- Matlink - Sysadmin matlink.fr Sortez couverts, chiffrez vos mails : https://café-vie-privée.fr/ XMPP/Jabber : matl...@matlink.fr Clé publique PGP : 0x186BB3CA Empreinte Off-the-record : 572174BF 6983EA74 91417CA7 705ED899 DE9D05B2
signature.asc
Description: OpenPGP digital signature
