[OSM-talk] Why doesn't OSM implement a simple measure to protect it's users and passwords?
John Smith
deltafoxtrot256 at gmail.com
Fri Dec 25 09:38:58 GMT 2009
2009/12/23 Kai Krueger <kakrueger at gmail.com>:
> I think pretty much everything has already been said on this topic, but
> writing emails and trac tickets is so much easier than writing patches...
Then you aren't really reading the emails on this topic.
> And John, you are a java programmer, right? So you would presumably actually
> have the technical skills to write patches, which admittedly not everyone
> has.
What patches am I supposed to write exactly?
TomH hasn't given any specific information on how SSL may be
implemented on OSM systems.
Passwords are long past their use by date and I don't think OAuth is a
valid security method.
In this day and age we should have moved to mutual cryptographic
authentication a long ago.
However there is little point in wasting time doing anything until OSM
does something, since what ever they do will directly impact on client
software.
More information about the talk
mailing list