[jdev] manifesto 0.4

Peter Saint-Andre stpeter at stpeter.im
Wed Oct 30 17:22:14 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/30/13 11:08 AM, Kevin Smith wrote:
> On Wed, Oct 30, 2013 at 4:55 PM, Peter Saint-Andre
> <stpeter at stpeter.im <mailto:stpeter at stpeter.im>> wrote:
> 
>>> Do we need, to be consistent, to disable the protocol but 
>>> indicate to the user he will need to perform an extra action
>>> to be able to connect, or do we need to make the connection 
>>> impossible in any case?
> 
> IMHO it's usually not a great idea to give the user insecure
> options. :)
> 
> 
> At the risk of derailing discussions or adding noise, it's worth
> noting that not everyone's opinion of what is insecure is the same
> and varies by context. I have worked with some XMPP systems where
> the connection method doesn't involve TLS that I would consider
> pretty secure.
> 
> Service providers on the Internet will probably be fine with
> committing to all this stuff, but we should (IMNSHO) continue to
> stop short of suggesting to devs what their software needs to do by
> default (I think it's sensible to suggest things that need to be
> supported).

Yes, that's what the manifesto tries to do w.r.t. software
implementations. If it's stepped over the line, let's figure what's right.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJScUBGAAoJEOoGpJErxa2ped8P/2yh4037kJKYPLQ+/vaoorEM
JY+J9tbTq/nhbeWBYR9M3MOFXYXFx0pwlDFOUwc/UDlZJzSPUXrpSqwT65FjgF4M
HV5FeajrvSSBBUZolcPvc9697f0irnWdSPIDr/WHTG+SSKfyMDxomVW3HwC3b2kp
CAhyCGPohx7DSvlTYawomxL9CDaRXL5rwgeb2CuKZXW2etnvEewP40j4GKkxQFLV
6/nJcOibf3O10GaEPaNeunCC/HVAayHSr1dI+TpCiBU/Kwi4kTxpaVCJ/lRig8mc
9Nyum2SZARVc1RuZOHPLiOqKLiCxE5OYVoJXDUXHNjIVzeL+QZHNyQdebA3ZtdEP
SX7y85FDxo7Bq7H6MZON7ccixXi0gccF/6ItIufrnGk+3yRUZDfJVNNSY4IIBwag
bak+9GATkEOEuZZbofRHDGDAGq2BjFGAjAstBATxhbgwafwBDToVGhhyhgomYczV
CELt1bo/svQXVghx5AZR71swfSpKwz49BmdW2bTMxMJ8OgsrCab6krA92bA8CTVs
TtvRlGGk0q9LhM7v/1UbmYmwgYGklvd0LtH7ZjWdiZh/k5/hmo8DxCG3+ORkhTxI
AHDEH/KyiI2EU0B+yC/yUqzenKKXMk9ap+gqGRiizOdtb1qa1ciwp4YIfk1vMnyS
4k8+azUknraKM1LkW8sS
=RCF2
-----END PGP SIGNATURE-----

More information about the JDev mailing list