fix(docs): update state of TCS compliance #5244
1.0.1: I took a look at the code and it's using
2.2.5 I think that means it must be square, not that we are not allowed to scale it.
3.5.2 MD support can be turned off or into hybrid mode, not sure if that would be ok though. We should extend TCS to specify which MD flavour or formatting style should be used.
5.1.3 Is a bad idea for privacy, since you expose all PKs of friends by following it.
5.1.2 Makes no sense, maybe they meant to store it in an OS-specific directory?
I think it depends on the server but maybe we can somehow make sure to never allow http connection?
I guess it's just outdated.
Very good point.
If we're connecting via HTTPS, we can't be downgraded to HTTP (our HTTPS protocol version may be downgraded, though, depending on both ours and the server's lowest supported HTTPS protocol version). https://moxie.org/software/sslstrip/ works by intercepting HTTP, preventing it from starting to connect to HTTPS:
If our client is connecting by HTTPS explicitly, if it's tampered with or intercepted we will get certificate errors, whether or not the server is using HSTS.
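An added example, not part of the comments above and not qTox's own code: one way to "never allow an HTTP connection" for name lookups is to refuse any server URL, or redirect target, whose scheme is not explicitly `https`, instead of trying to upgrade it. The function names and the sample URLs used with them are hypothetical, and redirect hops are assumed to be absolute URLs.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical helper: return the lower-cased scheme of an absolute URL,
// or an empty string if the input has no valid "scheme://" prefix.
std::string urlScheme(const std::string& url)
{
    const auto pos = url.find("://");
    if (pos == std::string::npos || pos == 0)
        return {};
    std::string scheme = url.substr(0, pos);
    // RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
    if (!std::isalpha(static_cast<unsigned char>(scheme[0])))
        return {};
    for (char& c : scheme) {
        const auto u = static_cast<unsigned char>(c);
        if (!std::isalnum(u) && c != '+' && c != '-' && c != '.')
            return {};
        c = static_cast<char>(std::tolower(u));
    }
    return scheme;
}

// Accept a lookup only if the configured server URL and every redirect hop
// (assumed to be absolute URLs) are explicitly https. Anything else
// (http, scheme-less, unknown scheme) is refused rather than upgraded,
// so no plaintext request is ever sent for an attacker to intercept.
bool lookupStaysOnHttps(const std::string& serverUrl,
                        const std::vector<std::string>& redirectHops = {})
{
    if (urlScheme(serverUrl) != "https")
        return false;
    return std::all_of(redirectHops.begin(), redirectHops.end(),
                       [](const std::string& hop) { return urlScheme(hop) == "https"; });
}
```
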
What now?
Sorry, totally forgot about this. Seems I'm strongly against implementing 5.1.3. For 3.5.2 and 5.1.2 we'd need a clarification in the standard, IDK what to do about this one?
Also we should consider the possibility that TCS is effectively dead, I got no responses to Tox/Tox-Client-Standard#35
I expected it might be dead, but that's good to know. We will need to fork it then, give access to the repo to all currently active developers, propose new modifications and make a decision together (by vote?). Maybe we should close this PR and come back to it after we fix the standard?
Partially fixes #5243
Notes:
1.0.1 - do we use only encrypted connection when using toxme.io?
2.2.5 - we display avatars in different sizes in different places. Do we display it in full size as well?
3.5.2 - we don't meet this requirement because of markdown support
5.0.4 - does %APPDATA% variable ALWAYS point to AppData/Roaming on all supported Windows systems?
5.1.1, 5.1.2 - we don't store avatars in the root of client's current working directory. It would be a contradiction to 5.0.4. This part of TCS needs to be rewritten