[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?

Frederik Ramm frederik at remote.org
Tue Dec 22 18:31:10 GMT 2009


Hi,

Florian Lohoff wrote:
> So encrypting all API calls shouldnt be much of a problem - There is not that
> much data transferred anyway, just a lot of connected with little data in them.

I thought the expensive bit was setting up the connection, not 
transmitting data?

> I'd like to see SSL encrypted connections for everything, there are a lot of
> employees spying on their staff,  governments on their population and people
> each other. I am not afraid in loosing my password to someone as its a unique
> for OSM but the world is full of privacy black holes and we want to support
> our users/mappers against any breach of confidentiality.

I might support that elsewhere but with regard to OSM, my honest plea to 
everyone is: If you have something that should remain secret, DO NOT 
UPLOAD IT TO OSM. Because I (as a member of the project) do not want to 
share responsibility for keeping the secret.

Bye
Frederik

-- 
Frederik Ramm  ##  eMail frederik at remote.org  ##  N49°00'09" E008°23'33"




More information about the talk mailing list