From d4f387ccf6759462ea3ef05a3e6edc57f45cc1c0 Mon Sep 17 00:00:00 2001 From: "https://john-millikin.com/" Date: Mon, 22 Jul 2013 01:51:23 +0000 Subject: [PATCH] removed --- ..._11_4d4abd00b5568e2afbb958ce219b786a._comment | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment diff --git a/doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment b/doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment deleted file mode 100644 index 0ad63656ba..0000000000 --- a/doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment +++ /dev/null @@ -1,16 +0,0 @@ -[[!comment format=mdwn - username="https://john-millikin.com/" - nickname="John Millikin" - subject="comment 11" - date="2013-07-22T01:50:40Z" - content=""" -(I'm the author of the XMPP library git-annex uses) - -The biggest issue I can think of with continuing in the absence of a element is authentication. Without the client library is not able to know which SASL mechanisms are supported, so it can't authenticate. - -It is possible to modify the XMPP library such that it can work around the problems exibited by this server software (adding a timeout to receipt, hardcoding a fallback SASL list), but I very much do not want to do that because it would almost certainly cause unexpected behavior when used with properly working servers. - -According to http://www.mail-archive.com/jdev@jabber.org/msg10598.html , jabberd-1.4.3 was released in 2003. Since its release, there have been multiple severe security issues discovered, including a remote crash (see http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378 ). - -In my opinion, the best course of action is for Daniel to switch to a different Jabber server software, preferably one that is still actively maintained. -"""]]