libravatar-fans team mailing list archive

[Francois Marier <francois@xxxxxxxxxxx>]

On 2012-08-03 at 06:40:10, Christian Weiske wrote:
> Please remember we're talking about a specification here. I'm very glad
> that the HTTP spec does not give us a list of allowed HTTP headers but
> we're allowed to add our own.
> 
> Think about it in a similar way: Don't artificially limit what people
> can do with the API. Limits are good, but in this case it seems silly
> to me to limit it to 4 or 5 types supported by one software.
> 
> About the "you're the only implementation": I may be, but perhaps I'm a
> company/community with thousands of users. Should I really have to
> break the specification to get my pony avatars?
> 
> Then I blog about it and other avatar server admins like the idea and
> install the pony plugin on their server. At once there are 100 servers
> breaking the specification.

You're right, I can see the value of making this easily extensible now.

> Please just provide the range "^[a-z0-9]+$", and tell people they may
> do when they don't support the given default mode. Apart of "404", which
> should be mandatory to implement.

Ok, so how about this?

- "404" and "mm" are mandatory
- all other special values are optional 
- special values are all [a-z][a-z0-9]+ (i.e. start with a letter)
- if a site doesn't support a special value, it must use "mm" instead

> I'd need to research that. But even if SPDY would be delivered via
> http://, there is no way to determine if the client supports it, or
> normal HTTP/HTTPS only. So my point is moot :)
> 
> So the spec should state that if the client wants https, and the server
> does not offer it, libravatar MUST be asked via https.

Agreed.

Cheers,
Francois

-- 
Francois Marier           identi.ca/fmarier
http://fmarier.org      twitter.com/fmarier