Zarthus closed 8 years ago
Is that a good idea from a security POV?
It's security through obscurity. If KICL has an exploitable bug, odds are someone is going to try it regardless of the version displayed, as it's trivial to communicate over IRC.
I'm not sure what type of release (major, minor, patch) this should be, as some folks might consider it a breaking change to their security (through obscurity) model.
I think I'm safe making it major, as I intend on releasing 3.0.0 some time in the next month. Thoughts?
I'd say minor; this doesn't break anything, is easy to fix, and I do not believe it affects security at all.
If you're going to have a major release every time a default setting changes, your version number is going to be very big, and I think if you don't read the patch notes when upgrading software and still have a problem with it being a "breaking change" because you're paranoid about security, you weren't being paranoid enough, because you're okay with upgrading software blindly.
Hey, what's wrong with having a really high version number?
The default realname should probably include the library version being used.