[jdev] manifesto 0.4

Kevin Smith kevin at kismith.co.uk
Wed Oct 30 17:08:04 UTC 2013


On Wed, Oct 30, 2013 at 4:55 PM, Peter Saint-Andre <stpeter at stpeter.im>wrote:

> >> Do we need, to be consistent, to disable the protocol but
> >> indicate to the user he will need to perform an extra action to
> >> be able to connect, or do we need to make the connection
> >> impossible in any case?
>
> IMHO it's usually not a great idea to give the user insecure options. :)
>

At the risk of derailing discussions or adding noise, it's worth noting
that not everyone's opinion of what is insecure is the same and varies by
context. I have worked with some XMPP systems where the connection method
doesn't involve TLS that I would consider pretty secure.

Service providers on the Internet will probably be fine with committing to
all this stuff, but we should (IMNSHO) continue to stop short of suggesting
to devs what their software needs to do by default (I think it's sensible
to suggest things that need to be supported).

/K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20131030/661687ca/attachment.html>


More information about the JDev mailing list