> OAUTHDEBUG_LEGACY_UNSAFE? That sounds better
> I think I'm missing something; how does the choice of .c/.h change > things? There's no static tracking in v1 of the patchset Eh, sorry about that, I was sure that I sent a version which handled that to the list, but apparently I didn't. It didn't use atomics/mutexes, so maybe it's better. > `UNSAFE` is intended to be a weak defense against social engineering > attacks. So these warnings need to be translated, if possible, and we > should not provide instructions on how to defeat that defense. With the same logic, shouldn't we print a very visible warning when somebody enables trace? Since it's a long output, maybe to both the beginning and end of the flow?
nocfbot-tracewarning.diff
Description: Binary data
