This repository has been archived by the owner on Dec 9, 2019. It is now read-only.
Should we change the terminology around "default signature provider"? #67
Comments
|
I like the idea of development signature provider. We should consider the non hardware based sig providers insecure by default. |
|
I didn't think we used the term "default" to refer to that signature provider, so I checked. It looks like we don't. Maybe you're referring to |
|
|
Yes, this. But also, for whatever reason we use the terminology "default signature provider" when talking about this, so something about the code has prompted this lexical behavior. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
"Default" suggests to me that it should be my first choice. Really though, we don't want developers to use the default signature provider, we want them to choose one provided by a secure service.
Should we change the terminology to something else that suggests it shouldn't be used in production. Some things like:
If we did this, it would probably require a minor change to the code itself, and to the README.
The text was updated successfully, but these errors were encountered: