Some remarks regarding FEP-f1d5: NodeInfo in Fediverse Software - #4 by cjs
The discussion of a possible security issue took place in a toot, and was followed up on the forum, where - in this situation - it may be decided that this should not be documented in the FEP (as it is arguably a ‘security-by-obscurity’ issue that makes matters worse), BUT…
The issue was a valid point that was brought up, and the decision not to include it is possibly made somewhere deep in a long forum discussion thread. Not only should the original author be aware of it, but any other AP implementer should too.
Therefore 2 things may be part of the FEP document format:
- A list of open issues, or rather decision points, where the outcome may be documented too, e.g.: “We’ll avoid security-by-obscurity and include version information”
- A link to the forum discussion topic / post where the decision was argued and taken.