mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

removed

Browse source
This commit is contained in:
https://john-millikin.com/ 2013-07-22 01:51:23 +00:00 committed by admin
parent 109ae4b6b3
commit d4f387ccf6
1 changed files with 0 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

16
doc/bugs/cannot_connect_to_xmpp_server/comment_11_4d4abd00b5568e2afbb958ce219b786a._comment
View file

@ -1,16 +0,0 @@
[[!comment format=mdwn
username="https://john-millikin.com/"
nickname="John Millikin"
subject="comment 11"
date="2013-07-22T01:50:40Z"
content="""
(I'm the author of the XMPP library git-annex uses)
The biggest issue I can think of with continuing in the absence of a <features> element is authentication. Without <features> the client library is not able to know which SASL mechanisms are supported, so it can't authenticate.
It is possible to modify the XMPP library such that it can work around the problems exibited by this server software (adding a timeout to <features> receipt, hardcoding a fallback SASL list), but I very much do not want to do that because it would almost certainly cause unexpected behavior when used with properly working servers.
According to http://www.mail-archive.com/jdev@jabber.org/msg10598.html , jabberd-1.4.3 was released in 2003. Since its release, there have been multiple severe security issues discovered, including a remote crash (see http://mail.jabber.org/pipermail/jabberd/2004-September/002004.html and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1378 ).
In my opinion, the best course of action is for Daniel to switch to a different Jabber server software, preferably one that is still actively maintained.
"""]]