CAcert Code Development list.

[Marek Michał Mazur <mmazur AT cacert.org>]

W dniu 28.09.2011 21:48, Michael Tänzer pisze:
> Hi Marek,
> 
> On 28.09.2011 19:18, Marek Michał Mazur wrote:
>> W dniu 28.09.2011 18:51, Philipp Gühring pisze:
>>> CertApi both accepts GET and POST, due to different requirements from
>>> clients and webservers. (Some clients only support GET, and some
>>> webservers complain about too long GET requests due to standardised 
>>> limits)
>>
>> Is this reason good enough to explain why users password are stored in
>> httpd logs?
>>
>> For me more secure and sensible would be to use OAuth protocol. Why to
>> reinvent a wheel?
> 
> AFAIK, this stuff was written before the wheel (OAuth) was invented. Yes
> we should do a better API but we don't have enough resources, we are
> even struggling to cope providing fixes for bugs that are way more
> important. Unlike other software projects CAcert doesn't only provide
> software it also provides a service and not a trivial one. Apart from
> that there's a lot of politics and bureaucracy going on due to the
> criticality of the matter. All that needs resources and those are scarce.
> 
> To make a long story short: The API is currently unsupported and to be
> used at your own risk.
> 
> Cheers
So, if I'm bored and you have no resources can I take this task to
create CertAPI?

-- 
Best Regards, / Pozdrawiam,
Marek M. Mazur

http://wiki.cacert.org/MarekMazur

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME