|
|
|
|
|
|
by xiongchiamiov
5591 days ago
|
|
|
While the idea of Diaspora is nice and all, I'm not going to start using it until someone convinces me that I don't need to audit every code change. Removing commit access for all of the core developers would be a fantastic start. For those who aren't aware of the issues[0] that were revealed several months ago, Diaspora's devs made some rudimentary security mistakes. Yes, it's an alpha, but as pointed out in the HN thread (which I did not save, and am too lazy to search for), this was basic security - the stuff you have to keep in mind from the start, not stick on later. [0]: http://www.kalzumeus.com/2010/09/22/security-lessons-learned... |
|
|