That's a good point -- the security issue will never go away entirely. Some people prefer convenience over security, and wide-open access might actually be totally appropriate for some people.

What I was trying to say is that if we at least offer a password feature that's easy and obvious (e.g., "Click here to add a password" or some such) then the responsibility for security problems lies clearly with the users who choose not to use passwords.

If instead all we offer is no password at all, or something approximating password-protection that uses a non-obvious workaround, then we would end up owning part of the responsibility for users not protecting their shared calendars -- because we didn't give people an obvious, straightforward way to do it.

I hope that makes sense.

Brian Moseley wrote:
i don't dispute that, but we already have this single-click feature
that you are pointing out as a security hole, and mimi's proposal
makes the collection password optional, so we're never going to make
the security issue go away entirely. some people are just going to
reject security in favor of convenience. i don't have any problem with
that as long as we also provide (eventually) for people who want
better security (eg acl).
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
