I think a random passphrase, rather than a default one, will cause more confusion among those who don't see that it needs configuring (and don't read their console errors!). I don't want a flood of "Tapestry is broken! What is HMAC?" messages on the user mailing list.
On Thu, Oct 4, 2012 at 4:44 PM, David Rees <[email protected]> wrote: > On Thu, Oct 4, 2012 at 3:49 PM, Lenny Primak <[email protected]> wrote: >> I don't think that for lazy developers it needs to be secure at all :) > > Yep. If not configured, issue a big warning, but continue running. > Then they would be no worse off than they are now. > > -Dave > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > -- Howard M. Lewis Ship Creator of Apache Tapestry The source for Tapestry training, mentoring and support. Contact me to learn how I can get you up and productive in Tapestry fast! (971) 678-5210 http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
