hi! I'm trying to make the getting started guide again with an example that is useful for something, also I wanted to have code that handled verification according to the spec.
for that I'm sending the secret to the hub to verify it when the receiver receives the notification, the thing is that it seems the hub I'm ussing (https://pubsubhubbub.appspot.com/) doesn't send hub.secret when notifying subscribers. the spec says " hub.secretOPTIONAL. A subscriber-provided secret string that will be used to compute an HMAC digest for authorized content distribution. If not supplied, the HMAC digest will not be present for content distribution requests. This parameter SHOULD only be specified when the request was made over HTTPS [RFC2818]. This parameter MUST be less than 200 bytes in length." looking at the code (mainly pubsubhubbub/hub/main.py line 2896) don't seem to show it's being sent, also grep'ing for hub.secret doesn't bring useful result. is that so? X-Hub-Signature is being sent but if the secret is unique for each subscription and I can't recover it when the request is done then I can't verify that the notification is valid am I missing something?
