[OSM-dev] Application for Google Summer of Code 2016

2016-02-04 Thread Peter Barth
Hi all, in less than a week the time slot for organizations to apply for this year's Google Summer of Code opens. In my opinion our participation last year (and the years before) had been a success. We got a bunch of coding done, we also got new students that stick with our great project and

Re: [OSM-dev] Usage of the standard dev server

2016-02-04 Thread markus schnalke
Hoi. [2016-02-04 09:15] Paul Norman > On 2/4/2016 8:41 AM, markus schnalke wrote: > [2016-02-04 14:43] Tom Hughes > > > > If you're developing a new editor you should be using OAuth not HTTP > > basic auth. > > If I would be developing a

Re: [OSM-dev] Usage of the standard dev server

2016-02-04 Thread Paul Norman
On 2/4/2016 1:47 PM, markus schnalke wrote: Instead of transmitting the username and password, the oauth token and secret are transmitted. How is that different, besides the ability of restricting the permitted actions? No, the token and secret are used to sign the request. Someone who MITMs

Re: [OSM-dev] Usage of the standard dev server

2016-02-04 Thread markus schnalke
Hoi. > Adding https is also a bit tricky at the moment I think, but should be > possible if/when we switch to letsencrypt. That would be great and important, because HTTP Basic Authentication should not be done unencrypted. In developing an editor, one would want to ensure that the API is

Re: [OSM-dev] Usage of the standard dev server

2016-02-04 Thread Tom Hughes
On 03/02/16 21:51, markus schnalke wrote: Adding https is also a bit tricky at the moment I think, but should be possible if/when we switch to letsencrypt. That would be great and important, because HTTP Basic Authentication should not be done unencrypted. In developing an editor, one would

Re: [OSM-dev] Usage of the standard dev server

2016-02-04 Thread markus schnalke
[2016-02-04 14:43] Tom Hughes > > If you're developing a new editor you should be using OAuth not HTTP > basic auth. If I would be developing a *web* editor, then yes, of course ... but I am working on a command line editor. (You'll hear from that project soon.) meillo

Re: [OSM-dev] Usage of the standard dev server

2016-02-04 Thread Ian Dees
On Thu, Feb 4, 2016 at 11:41 AM, markus schnalke wrote: > [2016-02-04 14:43] Tom Hughes > > > > If you're developing a new editor you should be using OAuth not HTTP > > basic auth. > > If I would be developing a *web* editor, then yes, of course ... but > I