[sldev] [POLICY] Development by consensus (Re: Question regarding upcoming maintenance on 11/27-11/28)

Argent Stonecutter secret.argent at gmail.com
Sun Nov 25 11:07:49 PST 2007


On 25-Nov-2007, at 10:39, Lawson English wrote:
> I think that all these concerns can be solved by creating a client that logs in to a test server using the new method, letting everyone with concerns use it and try to break it, and provide feedback based on their experience.

First off, you can't "test in" security.

Second, even if you could, the remaining concerns I have with the new design include issues that are not testable by trying to break it like this:
* Phishing.
* Alternate viewers.
* Alt accounts.
* HTML-based "API" stability over the long term.

They have resolved one problem - persistence - by abandoning it. That's a step forward.

* Having a web page as part of the sign-in process makes phishing loads easier.
* They have made some comments about a front end that would allow you to select different viewers, but provided no details.
* For alts, they simply suggested logging in and out of the website.

I'd really like to know more about the real issues behind this. The ones they can't disclose.
