On Mon, Jul 27, 2009 at 11:55 PM, Duane Roelands <duane.roela...@gmail.com> wrote:
> RTFM is not a helpful answer, especially when many developers are
> relying on libraries that they did not write.

That's a risk you run when using code you didn't write. I'm not saying that this situation doesn't suck for those affected. I'm sure that it does. But, for a technology so new as OAuth, the libraries may not be mature yet. Officially, Twitter OAuth is still in Public Beta and has never been officially recommended to integrate into production code.

That being said, there could still be a problem on Twitter's end with their signature verification mechanism and the libraries could all be valid. I don't have a way of knowing. I do agree that at least a note that "a security change was pushed today" would be nice, though.

-Chad