Obviously we're on the same page on that, this case is more nuanced. The status API is a low-level API that exposes legacy design decisions by necessity, it's not easy to use safely. The high-level API is called gpgme, it uses the status API internally. 1/2
-
The GPG project itself is vouching for the interface we’re talking about, which is why it’s an issue.
-
I don't speak for them, but I think they vouch for it in the same way that OpenSSL vouches for the bn library: they use it and rely on it. They're pretty upfront that the status API is complex and clients should use gpgme, read this blurb: https://www.gnupg.org/software/gpgme/index.html …
-
I'm not arguing for unauthd crypto, I'm not saying PGP is good UX, I'm not saying that it's not a bug if an API exposes plaintext before auth - I'm saying if you poke around in internals, it's not the library's fault when things go wrong. I don't think this is a crazy position!
