[feedjoelpie]

I think the problem with Meteor was mainly that it started punching above its weight too soon. All these fancy demos and then you looked under the covers and it was... basically irresponsible from a security standpoint to ship anything that mattered on Meteor. I know that's been fixed now, but so many people like myself never gave it a second chance. And I wonder if it will ever really get that second chance or if something like it is what will get attention instead.

It's a cautionary tale about why you need to be very clear that your demo alpha isn't fit for general consumption yet. I think that, in the rush to get attention, the Meteor people didn't do a very good job of that. Therefore everyone who took a deep look thought they had uncovered a foul truth that Meteor wasn't what it was hyped to be. And they did. Because the people promoting it didn't talk about that.

[maxharris]

How old is the release you're talking about? I started using Meteor about 18 months ago, and I don't have a clue about what you're referring to. Security has been a complete non-issue for every release I've ever seen.

---

> I know that's been fixed now, but so many people like myself never gave it a second chance.

But what's stopping you from looking now? Meteor security is great, and you should give it another look. One interesting bit: there are only 16 srp implementations listed on the srp page on wikipedia, and Meteor is one of them! http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol