Râu Cao
Râu Cao
Yer, that would explain it to the person who wants to fix it then.
If you just write a test, someone can pick it up and fix it without pairing. As I said, Internet connection here is not sufficient for remote pairing. Edit: or...
I can pair on this now.
> A webview cannot always be used, and is also a bad idea for security. One does not know where the password is being typed. I would never do that...
You can hardly convince other people by repeating "let's just do it" often enough. You still haven't put forward a clear attack case that is realistic with rs.js and servers...
Why? Same situation as before. > Actually, it is the other way around. Not implementing it requires justification. Following the specification, best practices and security recommendations does not. I am...
Yup, exactly. > My feelings? I suggest following security recommendations. Well, I guess you can classify that that is me feeling like it is a good idea to follow those...
So, in regards to the storage-first auth, I think the new widget should _definitely_ follow the spec in that regard and clearly show that it just connected to sth, and...
Ironically, this feature was added to the spec for something that @fkooman was working on at the time, and I personally was opposed to it. History is funny like that....
> It could even prompt whether the user is fine with that. It probably should try a sync with the old credentials and data to avoid data loss. Prompt is...