Corrected: "Overuse of the term by almost every web app since 2002, including GMail, notwithstanding."
On Thu, Apr 23, 2009 at 10:01 AM, Ed Finkler <funkat...@gmail.com> wrote: > > That is, in fact, what "Beta" typically means: "not suitable for > production use." Overuse of the term by a few popular web apps > notwithstanding. > > -- > Ed Finkler > http://funkatron.com > Twitter:@funkatron > AIM: funka7ron > ICQ: 3922133 > XMPP:funkat...@gmail.com <xmpp%3afunkat...@gmail.com> > > > On Apr 23, 9:25 am, mikehar <m...@picnik.com> wrote: > > Also, I'm a little taken aback by the "it's beta" rationalization for > > the massive disruption in service. It's one thing to mark it as public > > beta, it's another thing entirely to define 'beta' belatedly as "not > > suitable for production use". Does that mean we get an SLA on the non- > > beta APIs? > > > > On Apr 23, 1:44 am, twitscoop <lollic...@gmail.com> wrote: > > > > > Hi guys, is there an ETA for it to be restored ? It seems Oauth's > > > recommended approach is to simply add a warning notice on > > > authorization until this is fixed (this is what Google did). Anyways, > > > even with this security flow, oauth is safer than providing twitter > > > credentials to third parties... > > > > > Thanks! > > > Pierre > > > > > On Apr 23, 7:30 am, Doug Williams <d...@twitter.com> wrote: > > > > > > Bill, > > > > The majority of our developers find OAuth sufficient because they are > > > > writing a Web applications. We are pleased that the deprecation of > the > > > > source parameter lowered our support load and continues to drive > adoption of > > > > our preferred authentication scheme. > > > > > > There are of course other cases where developers find the current > > > > implementation's beta status or browser requirement concerning. I > have yet > > > > to reject a source parameter request that provides a valid argument > > > > explaining why OAuth does not meet the application's needs. > > > > > > Thanks, > > > > Doug Williams > > > > Twitter API Supporthttp://twitter.com/dougw > > > > > > On Wed, Apr 22, 2009 at 6:50 PM, Bill Robertson > > > > <billrobertso...@gmail.com>wrote: > > > > > > > I respectfully disagree. (I would colorfully disagree, but you > seem > > > > > pretty beat up right now and you don't deserve any guff) I think > > > > > developers of smaller apps see that little tag-line as a good > source > > > > > of advertising, and it seems inaccessible now if you're new (right? > > > > > wrong?). You can only get it if you use OAuth, but OAuth is now > > > > > disabled? > > > > > > > Anyway, just my $0.02. Prioritize it like everything else you need > to > > > > > do (i.e. it's the 37th #1 thing on your list.) > > > > > > > Good luck. > > > > > > > On Apr 22, 7:58 pm, Alex Payne <a...@twitter.com> wrote: > > > > > > We don't consider source registration a "key feature". It's an > > > > > > incentive we provide to our developers. We wanted to encourage > new > > > > > > developers to look into OAuth. It won't be in beta forever, after > all. > > > > > > > > We have to balance the reality of testing a new technology in our > > > > > > stack with encouraging that technology's adoption. OAuth will > provide > > > > > > the Twitter developer community with a number of benefits, and > that's > > > > > > the direction in which we want to move, even while there are > kinks to > > > > > > work out. > > > > > > > > On Wed, Apr 22, 2009 at 15:37, bwannon <bwan...@gmail.com> > wrote: > > > > > > > > > If beta for you guys means "still in testing, not suitable for > > > > > > > production use", then why depreciate key features from basic > auth like > > > > > > > source registration before you have a production ready release? > > > > > > > > > On Apr 22, 3:27 pm, Alex Payne <a...@twitter.com> wrote: > > > > > > >>http://blog.twitter.com/2009/04/whats-deal-with-oauth.html > > > > > > > > >> In short: there's a security issue with OAuth, and the major > OAuth > > > > > > >> providers are working together to patch the vulnerability > before > > > > > > >> information about the issue is publicly released. That > information > > > > > > >> will be available athttp://oauth.net/atmidnight, PST. > > > > > > > > >> In cooperation with this consortium of other OAuth providers > > > > > > >> (including Yahoo!, Google, Netflix, etc.), we agreed not to > disclose > > > > > > >> the nature of the vulnerability, nor even that a vulnerability > > > > > > >> existed, until all members of the group agreed to do so. I > apologize > > > > > > >> for what must have seemed unnecessarily tight-lipped > communication > > > > > > >> around this issue, but please understand that we and the other > > > > > > >> companies involved are trying to mitigate the impact of this > > > > > > >> vulnerability as much as possible. > > > > > > > > >> Please also note that our OAuth support is in beta, albeit > public > > > > > > >> beta. We have not suggested to developers that they rely > solely on > > > > > > >> OAuth until our support of the standard leaves beta. I know > that some > > > > > > >> companies practice a policy of "perpetual beta", but at > Twitter, we do > > > > > > >> not. For us, "beta" really means "still in testing, not > suitable for > > > > > > >> production use". > > > > > > > > >> Thanks for your patience and understanding. > > > > > > > > >> -- > > > > > > >> Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x > > > > > > > > -- > > > > > > Alex Payne - API Lead, Twitter, Inc. > http://twitter.com/al3x-Hidequoted text - > > > > > > - Show quoted text - > > > > >
