On Wed, Feb 11, 2009 at 3:01 PM, Jonathan Schleifer <[email protected]> wrote: > Just a reason NOT to require a PW for the owner: Some admin might have > changed it and now the owner can't join the room anymore or change it back. >
That same admin could simply remove the owner from the owner list and be done :) This single issue aside however, I do think that the total lack of any way to track which services a JID is affiliated with is scary. This affects transports/gateways, MUCs, etc. Are roster subscriptions even cancelled on account removal? The hardest case to cover is that of a server going down, and coming back up with an empty user database. It is a flaw in our otherwise secure identity. Perhaps it isn't seen as worth solving though? (I have seen little discussion of this problem to date) Matthew.
