[jdev] manifesto 0.4

Peter Saint-Andre stpeter at stpeter.im
Thu Oct 31 16:12:33 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/30/13 12:55 PM, Yann Leboulanger wrote:
> On 10/30/2013 05:55 PM, Peter Saint-Andre wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 10/30/13 8:36 AM, Yann Leboulanger wrote:
>>> On 10/30/2013 01:21 AM, Mathieu Pasquet wrote:
>>>> On Tue, Oct 29, 2013 at 05:09:32PM -0600, Peter Saint-Andre 
>>>> wrote:
>>>>> 
>>>>> I just updated the encryption manifesto to incorporate
>>>>> feedback and clarify a few points:
>>>>> 
>>>>> https://github.com/stpeter/manifesto/blob/master/manifesto.txt
>>>>>
>>>>>
>>>>> 
Your feedback (and signatures!) matter.
>>>>> 
>>>>> Peter
>>>>> 
>>>>> - -- Peter Saint-Andre https://stpeter.im/
>>>>> 
>>>> 
>>>> Hi,
>> 
>> Hi Yann!
>> 
>> BTW thanks for Gajim -- I've been using it on my new Linux laptop
>> and I might send you some patches before long. ;-)
> 
> Wow great, we'd be proud to have patches from you ;)
> 
>>> I'd also would like some clarification about removing plain 
>>> connection. In some situation (you have a local server for ex)
>>> the server can allow only non-secure connections to prevent
>>> memory consumption. So should we really disable plain
>>> connection or just disable it by default, and require some user
>>> advanced configuration to enable it?
>> 
>> As the text is written right now (0.4), requiring channel
>> encryption is something that service operators who sign the
>> manifesto commit to. Software developers commit only to
>> supporting channel encryption and preferring the latest TLS
>> version, cipher suites with forward secrecy, etc. I do think
>> disabling unencrypted streams is a smart default. I don't
>> particularly want to tell client developers how to (or whether 
>> to) allow a cleartext connection (e.g., an advanced user
>> setting).
> 
> Ok nice. Then you can count my signature as Gajim's dev. We'll do
> our best to improve things, and count on those tests to help
> finding what's to be improved.

Thanks! I've added you to the signers.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJScoFxAAoJEOoGpJErxa2pPm4P/R3ylH4lfb6/okfni4KmS2Mx
xTwR1YvRlfTNaS70FDuS1xnecMwuhSh7kd/Z/e7XL5DB/MZsqqmq/NrK6zY4tZBS
SI+pvk0Ord9uoW9RrlVQG3PcHFF15ekDKZHaFNCbihZcde9P2pMQtujQJczij6xX
TAHAERLMHRt4jfqlKAiN9qS0asC+dT/SKemfOdo47fwcdmVme2dvXERN4xzgCtII
U0ph45I/E3s7Y/SzzoF36oE+QeTm/DG0V2Ud00CA2p88j/ZmpvtLOJaP79F9N2Fv
owH676NfWGLJMKBVLodLL4jVtsYehRXn5sR7v9cnDyZ8QmPRtIJuypflX5b4w6Pf
aQEZASOBgLcZ3HxZZtKXh/HfpT58R8rHo9Or+4OK+0kVvwTpJRPvzFt04uY3HF4a
4jSnc0RV2N60wbyjmLqT9hsYGW2Diu3sStcsSvPE88uWr6HZnTJPUQ3D07B3ojb2
bn0kvdRszthGH3tC6cbv3YyvEQFWFkGed0CO79Yodg0ACA3tgMgkkje3AYrqdKgS
WyDfQFzpqbW/PekxC7vinJ+l/6+OYmOURW7+hJzLwDJ4S+nUnHHCM+ra6HM2MQCL
ig1Wp7DOnmPIbuoF6ZZJM5beo117R+06ReaTjeKuji8tpDJiutmdNoaj8vxEFHLs
GIkasq71kgNTWJwUmRbb
=91LC
-----END PGP SIGNATURE-----

More information about the JDev mailing list