eosjs2
eosjs2 copied to clipboard
EOSIO
Should we change the terminology around "default signature provider"?
"Default" suggests to me that it should be my first choice. Really though, we don't want developers to use the default signature provider, we want them to choose one provided by a secure service.
Should we change the terminology to something else that suggests it shouldn't be used in production. Some things like:
- development signature provider
- dev-mode signature provider
- test signature provider
- in-memory signature provider
- open to other ideas
If we did this, it would probably require a minor change to the code itself, and to the README.
I like the idea of development signature provider. We should consider the non hardware based sig providers insecure by default.
I didn't think we used the term "default" to refer to that signature provider, so I checked. It looks like we don't. Maybe you're referring to eosjs2_jssig's default export?
defaultPrivateKey should probably be renamed. There's nothing default about it...
I didn't think we used the term "default" to refer to that signature provider, so I checked. It looks like we don't. Maybe you're referring to
eosjs2_jssig's default export?
Yes, this. But also, for whatever reason we use the terminology "default signature provider" when talking about this, so something about the code has prompted this lexical behavior.