[jdev] manifesto 0.4

Dave Cridland dave at cridland.net
Wed Oct 30 10:10:21 UTC 2013


On Wed, Oct 30, 2013 at 12:21 AM, Mathieu Pasquet <mathieui at mathieui.net>wrote:

>
> Before signing the manifesto as a software developer, there are
> a few things that are unclear and I’m not sure we can commit to
> this just yet:
>
> Dropping SSLv2 is all good and I’m not even sure why SSLv2 was
> supported initially (doesn’t xmpp appear after SSLv3 was standardized?),
> but dropping SSLv3, while also a good idea, might cause issues with lots
> of servers (not naming legacy ejabberd or openfire under old debian or
> centos). Hopefully, we have some time to wake up some admins before the
> dates set in the manifesto, but I hope the test days will help
> troubleshooting the ones that don’t get the memo.
>
>
Well, I think you've answered your own question there. The manifesto sets
out the aims, but I'm hoping that we're not so blinkered that we cannot
adapt the rules as we go along. So if it turns out that - despite the IM
Observatory's work so far - SSLv3 is essential for interop, and we cannot
work with the affected sites to correct this, then we might revisit that.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20131030/3aa0e5f4/attachment.html>


More information about the JDev mailing list