Comment by steveklabnik

3 years ago

I hope I never work on software you folks use. The grand claims about something that is not even hard to fix is just wild to me.

Being easy to fix is completely irrelevant. The thing is that it's easy to avoid. The only way to end up there is to not put any thought into the domain verification scheme before deploying it. Any kind of review would catch it. That's what makes it look really bad.

If your response to a fundamental design flaw of identy verification is "something that is not even hard to fix" then that hope is mutual.

What about the next 500 easy-to-fix bugs?

Is there a public test suite?

  • > Is there a public test suite?

    The entire specification (which is admittedly incomplete) and implementation are open source.

    I am not aware of a dedicated test suite for alternative implementations. It's too early, IMHO. I personally would much prefer the team to focus their time elsewhere for the time being.

    • My instincts may be way off-base, but if I was developing a protocol at the core of my product vision, even if there was only one implementation, I would a want an authoritative test suite. I wouldn't trust myself not to integrate load-bearing idiosyncrasies (and bugs, honestly) otherwise.

      1 reply →