summaryrefslogtreecommitdiff
path: root/doc/bugs/cannot_connect_to_xmpp_server
diff options
context:
space:
mode:
authorGravatar https://john-millikin.com/ <John_Millikin@web>2013-07-22 01:50:41 +0000
committerGravatar admin <admin@branchable.com>2013-07-22 01:50:41 +0000
commitf8de25a7a34c33259e57cca1ab3b09bd3e759e86 (patch)
tree960e1a79c98f10d9db7a5d74dd5a518b2e31f4c9 /doc/bugs/cannot_connect_to_xmpp_server
parentcf480e5d62b8ff355c85ea3d7d94faa77f5d4970 (diff)
Added a comment
Diffstat (limited to 'doc/bugs/cannot_connect_to_xmpp_server')
-rw-r--r--doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment16
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment b/doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment
new file mode 100644
index 000000000..0ad63656b
--- /dev/null
+++ b/doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="https://john-millikin.com/"
+ nickname="John Millikin"
+ subject="comment 11"
+ date="2013-07-22T01:50:40Z"
+ content="""
+(I'm the author of the XMPP library git-annex uses)
+
+The biggest issue I can think of with continuing in the absence of a <features> element is authentication. Without <features> the client library is not able to know which SASL mechanisms are supported, so it can't authenticate.
+
+It is possible to modify the XMPP library such that it can work around the problems exibited by this server software (adding a timeout to <features> receipt, hardcoding a fallback SASL list), but I very much do not want to do that because it would almost certainly cause unexpected behavior when used with properly working servers.
+
+According to http://www.mail-archive.com/jdev@jabber.org/msg10598.html , jabberd-1.4.3 was released in 2003. Since its release, there have been multiple severe security issues discovered, including a remote crash (see http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378 ).
+
+In my opinion, the best course of action is for Daniel to switch to a different Jabber server software, preferably one that is still actively maintained.
+"""]]