* We should have, it goes without saying, had more extensive test
coverage of our implementation ensuring that we were fully
implementing the spec so that the whole situation would have been
avoided in the first place.
More testing is always a good goal if feasible. However, no spec is
perfectly complete, thus no spec is perfectly stable. And no
implementation is perfect, thus no implementation is perfectly stable.
Suggesting that your implementation be perfect next time as a solution
to your current instability might not be the best takeaway here. It
seems to me that the takeaway is that instability exists and our
(twitter and the dev community) system for dealing with it was too
fragile.
Being constructive: Perhaps an API release mechanism that can
withstand a bit of instability is worth investigating.
* We should have had an email prepared to send out immediately
following the deploy explaining the vulnerability and the change
that was deployed, encouraging developers to double check that their
signatures were in fact being generated correctly.
While I don't disagree at all, why wait until after?
While the number of apps that use the twitter api is many, the number
of libraries is few. Perhaps a private list to their primary
maintainers is worth investigation. Even if it was just the primaries
from the list of libraries on your site: http://apiwiki.twitter.com/OAuth-Examples
They might have given you a little warning of the likely panic.
Perhaps not enough time to change, but at least enough time to soften
the blow with some information.
We're going to do a post-mortem on our side to identify all the
things we should have done better. We've read all of your feedback
about how this could have been done better. To everyone who has
chimed into this thread offering details and help, we extend our
thanks.
Not to let this post get too technical -- but my current released code
( OAuth_ObjC_Test_App ) seems to work (e.g. it checks and posts
without any problems that I notice), however I'm not entirely sure
what corner cases might trigger the failures. If anyone has an idea
of what regressions to run, I'd appreciate any info. Thanks.
Isaiah
