PSA: The GDPR & Invalidation of Ore API Keys

My apologies for one of the less exciting posts you’ll read today, but it is an important one. Please take a moment to read, there are two important things that you should be aware of.

The GDPR and ToS acceptance

As many of you will know about by now from the numerous e-mails you will have had about updated privacy policies, the EU GDPR (General Data Protection Regulation) comes into force on the 25th May. Behind the scenes, we’ve been working away to ensure that our processes and systems are compliant.

If you haven’t done so already, we now require you to accept our terms of service and our privacy policy when signing in to our services. This is to ensure that you explicitly consent to our terms to use our systems, in line with the requirements of the GDPR. Even if you think “not another one, I’ll just agree”, please take a moment to do so as it talks about what we do with your data. We promise to not do anything shady, but it’s something you should be familiar with.

Invalidation of Ore API Keys

Plugin developers: we have invalidated all Ore API keys that could be used for publishing new files. This affects anyone using the Ore file upload API to publish their plugins, this does not affect the web interface, nor does it remove any PGP keys associated with your account. This is to ensure that a user who has accepted our ToS has created them. You will need to recreate them in Ore and update your upload scripts to use your new API key in order to continue using the publishing API endpoints.


Hmm, GDPR…

Please alert us if there are any issues accepting the TOS!