Don't commit MaxMind license key to your repository
ugexe opened this issue · 6 comments
This is intentional; we want anyone to be able to create a build. It's functionally only an access code. I'm comfortable with it being public.
Typically one would allow users to provide their own maxmind license key, as distributing the license key itself is probably against the ToS or licensing agreement. If the key were to be deactivated because of this, then this software would be broken for users and they would have no way to work around it.
Yeah — I agree that it's less than ideal, but I don't want to require everyone to get their own MaxMind key in order to build the image/develop locally. If the access key is deactivated, we can take a new approach. That being said, existing images would not break because we embed the database as part of the image build; thankfully only new builds would fail.
For local development, you can use test databases: https://github.com/maxmind/MaxMind-DB/tree/main/test-data
Thanks! That said, I'd really like everything to "just work" out of the box without users having to create MaxMind API keys.
(I also recognize that you work at MaxMind; perhaps we can work out some kind of licensing system that allows us to distribute the MMDB with our package? IIRC the API key gating is to comply with GDPR requirements.)