Hi Gregg, I agree that sample apps have to be maintained, so yes they should be fixed, when they are discovered to be broken.
But (unfortunately) the small handful of devs working on security features cannot maintain all the sample apps. So the best course IMO is to refer to the examples we’ve provided, update the .json files, re-encode the .dat files using json2cbor (see wiki) and try to get the samples working. If that fails, and appears to be due to security issue (e.g. “Access Denied” when it should be granted), then a P3 bug should be filed, and labeled “security”, and assigned to Randeep Singh (security maintainer) for dispositioning. In order to ensure the bug has a better chance of getting looked at, the two log files (client.log and server.log) from a debug build should also be attached to the JIRA ticket. Thanks, Nathan From: Gregg Reynolds [mailto:[email protected]] Sent: Friday, July 14, 2017 1:20 PM To: Heldt-Sheller, Nathan <[email protected]> Cc: [email protected]; Mats Wichmann <[email protected]> Subject: Re: [dev] many IoTivity samples broken with security On Jul 14, 2017 3:08 PM, "Heldt-Sheller, Nathan" <[email protected]<mailto:[email protected]>> wrote: Hi Omar, Mats, ... thanks for the detailed explanation. but the fact remains: the sample code is broken. it should be fixed or removed, imho.
_______________________________________________ iotivity-dev mailing list [email protected] https://lists.iotivity.org/mailman/listinfo/iotivity-dev
