diff options
author | Joey Hess <joey@kitenet.net> | 2013-07-21 21:53:44 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2013-07-21 21:53:44 -0400 |
commit | d0d0eefa32dda9173dd7ec860d589c99f8a12364 (patch) | |
tree | aed75ad13d08168f4a31f7829c2ac242de93ca17 | |
parent | 9f594526b77bfcd14b00726f00f04d32f867a80f (diff) | |
parent | 0c5af3b13774c7e34dc3c90c7a4f1901b042d6a7 (diff) |
Merge branch 'master' of ssh://git-annex.branchable.com
-rw-r--r-- | doc/bugs/cannot_connect_to_xmpp_server/comment_11_dabd74bba1f38b326a2d0c86d3027cd9._comment | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/cannot_connect_to_xmpp_server/comment_11_dabd74bba1f38b326a2d0c86d3027cd9._comment b/doc/bugs/cannot_connect_to_xmpp_server/comment_11_dabd74bba1f38b326a2d0c86d3027cd9._comment new file mode 100644 index 000000000..2ceb4c08f --- /dev/null +++ b/doc/bugs/cannot_connect_to_xmpp_server/comment_11_dabd74bba1f38b326a2d0c86d3027cd9._comment @@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="https://john-millikin.com/" + nickname="John Millikin" + subject="comment 11" + date="2013-07-22T01:52:41Z" + content=""" +(I'm the author of the XMPP library git-annex uses) + +The biggest issue I can think of with continuing in the absence of a <features> element is authentication. Without <features> the client library is not able to know which SASL mechanisms are supported, so it can't authenticate. + +It is possible to modify the XMPP library such that it can work around the problems exibited by this server software (adding a timeout to receipt, hardcoding a fallback SASL list), but I very much do not want to do that because it would almost certainly cause unexpected behavior when used with properly working servers. + +According to <a href=\"http://www.mail-archive.com/jdev@jabber.org/msg10598.html\">http://www.mail-archive.com/jdev@jabber.org/msg10598.html</a> , jabberd-1.4.3 was released in 2003. Since its release, there have been multiple severe security issues discovered, including a remote crash (see <a href=\"http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html\">http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html</a> and <a href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378</a>). + +In my opinion, the best course of action is for Daniel to switch to a different Jabber server software, preferably one that is still actively maintained. + +"""]] |