[jdev] manifesto 0.4
Yann Leboulanger
asterix at lagaule.org
Wed Oct 30 18:55:26 UTC 2013
On 10/30/2013 05:55 PM, Peter Saint-Andre wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/30/13 8:36 AM, Yann Leboulanger wrote:
>> On 10/30/2013 01:21 AM, Mathieu Pasquet wrote:
>>> On Tue, Oct 29, 2013 at 05:09:32PM -0600, Peter Saint-Andre
>>> wrote:
>>>>
>>>> I just updated the encryption manifesto to incorporate feedback
>>>> and clarify a few points:
>>>>
>>>> https://github.com/stpeter/manifesto/blob/master/manifesto.txt
>>>>
>>>> Your feedback (and signatures!) matter.
>>>>
>>>> Peter
>>>>
>>>> - -- Peter Saint-Andre https://stpeter.im/
>>>>
>>>
>>> Hi,
>
> Hi Yann!
>
> BTW thanks for Gajim -- I've been using it on my new Linux laptop and
> I might send you some patches before long. ;-)

Wow great, we'd be proud to have patches from you ;)

>> I'd also like some clarification about removing plain
>> connections. In some situations (you have a local server, for example) the
>> server can allow only non-secure connections to prevent memory
>> consumption. So should we really disable plain connections or just
>> disable them by default, and require some advanced user configuration
>> to enable them?
>
> As the text is written right now (0.4), requiring channel encryption
> is something that service operators who sign the manifesto commit to.
> Software developers commit only to supporting channel encryption and
> preferring the latest TLS version, cipher suites with forward secrecy,
> etc. I do think disabling unencrypted streams is a smart default. I
> don't particularly want to tell client developers how to (or whether
> to) allow a cleartext connection (e.g., an advanced user setting).

Ok nice. Then you can count my signature as Gajim's dev. We'll do our
best to improve things, and count on those tests to help find what's
to be improved.
--
Yann