| 1 |
On 02/18/15 13:47, hasufell wrote: |
| 2 |
> Matt Turner: |
| 3 |
>> On Wed, Feb 18, 2015 at 9:56 AM, hasufell <hasufell@g.o> wrote: |
| 4 |
>>> Are you saying you only share the code with your buddies? In that case, |
| 5 |
>>> it is against our social contract as well. |
| 6 |
>> |
| 7 |
I have not shared the code in question with anyone at all, I also happen |
| 8 |
to have never been on the team that wrote, maintains, and uses is. |
| 9 |
|
| 10 |
Knowing a claim is false does not automatically make one the subject of it. |
| 11 |
>>> Not only that, it is even a serious security problem since the developer |
| 12 |
>>> community doesn't know how these things are packaged and neither do the |
| 13 |
>>> users. |
| 14 |
>> |
| 15 |
>> There's a serious security problem if they were to release the scripts |
| 16 |
>> (passwords and all) right this second. |
| 17 |
>> |
| 18 |
> |
| 19 |
> This statement makes me wonder if you really understand opensource (or |
| 20 |
> even free software). |
| 21 |
> |
| 22 |
> Maybe the recruitment quizzes need to be fixed in this regard. |
| 23 |
> |
| 24 |
While embedding authorization tokens in a script is not exactly in |
| 25 |
keeping with best practices, implying that the only concern in |
| 26 |
publishing a script which you have been told includes such tokens is |
| 27 |
your own desire for it to be published is at best ignorant. As such, you |
| 28 |
would appear to be in dire need of basic information security training. |
Archives