On Mon, Apr 4, 2016 at 3:53 PM, David Woodhouse <dw...@infradead.org> wrote: > Of course it's an API change. But as noted, it's an API *addition*, in > that it makes something work that didn't before. > > The criterion for such additions should be "if it isn't a *bad* thing > for that to start working". > > What's missing from your argument is the bit where you explain why it's > *bad* for an explicitly user-entered PKCS#11 URI to suddenly start > working. That was, after all, the *point* of suggesting that the > existing functions should be changed to accept such.
I've already tried to explain this several times to you. I don't feel there's anything more useful to contribute. I'm not sure if you don't understand, or you're not convinced, but in either event, I have neither the time nor energy to continue to try to convince you, especially when you seem fundamentally opposed to exploring or articulating the reasons why not to pursue alternatives. There are plenty of useful features we've introduced that are opt-in by default, especially when their enablement leads to observable changes. This is even true of security-relevant changes, due to the potential to cause unexpected harm. You clearly don't seem interested in taking a conservative or responsible choice - such as allowing applications that wish to support PKCS#11 URIs to opt-in. In any event, there's nothing more to say here, I remain opposed to this change, and I feel I've given you enough good faith, in spite of the original belligerence, in this to have made an attempt to explain to you those reasons and concerns. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
