* We should have, it goes without saying, had more extensive test coverage of our implementation ensuring that we were fully implementing the spec so that the whole situation would have been avoided in the first place.

More testing is always a good goal if feasible. However, no spec is perfectly complete, thus no spec is perfectly stable. And no implementation is perfect, thus no implementation is perfectly stable. Suggesting that your implementation be perfect next time as a solution to your current instability might not be the best takeaway here. It seems to me that the takeaway is that instability exists and our (twitter and the dev community) system for dealing with it was too fragile. Being constructive: Perhaps an API release mechanism that can withstand a bit of instability is worth investigating.

* We should have had an email prepared to send out immediately following the deploy explaining the vulnerability and the change that was deployed, encouraging developers to double check that their signatures were in fact being generated correctly.

While I don't disagree at all, why wait until after?
While the number of apps that use the twitter api is many, the number of libraries is few. Perhaps a private list to their primary maintainers is worth investigation. Even if it was just the primaries from the list of libraries on your site: http://apiwiki.twitter.com/OAuth-Examples They might have given you a little warning of the likely panic. Perhaps not enough time to change, but at least enough time to soften the blow with some information.

We're going to do a post-mortem on our side to identify all the things we should have done better. We've read all of your feedback about how this could have been done better. To everyone who has chimed into this thread offering details and help, we extend our thanks.

Not to let this post get too technical -- but my current released code ( OAuth_ObjC_Test_App ) seems to work (e.g. it checks and posts without any problems that I notice), however I'm not entirely sure what corner cases might trigger the failures. If anyone has an idea of what regressions to run, I'd appreciate any info. Thanks.


Reply via email to