[wp-hackers] Is disabling remote client access a good idea?

[Lloyd Budd]

On Tue, Jun 24, 2008 at 8:52 PM, Daniel Jalkut <jalkut at red-sweater.com> wrote:
> It's been interesting to see how the general vibe on this list has been more
> supportive of the limitation, while the comments on my blog are in both
> directions but I think with a bit of lean against the limitation.

A significant factor is the way your article frames the issue and
excites people. There are numerous problems with your analogies and
comparisons, but that is off topic here.

I think your concern is a valid one, and I value a good protest. Still
there is no "WordPress's decision". It's the thousands of WordPress
participants, particularly the regular contributors in the remote
access area including yourself. "A real solution" is ultimately
offered through code.

Still I'd like to do a little talky to, as I'm also intriged by this
change. I wonder if it is something that will last many versions, and
might end up being short sited (pun intended). I'm surprised the
discussion has been so focused on traditional clients. Publishing from
other social tools and sites into WP is increasing popular -- upload
your video to service X and publish to your blog; go out for coffee
and let the world know.

It seems like an OAuth or like solution is desirable, or soon will be.
Then again on wp-xmlrc, people didn't seem excited about
http://comox.textdrive.com/pipermail/wp-xmlrpc/2008-June/000208.html
Assuming OAuth does get hawt, what addition benefits and protections
does disabling provide if you also have OAuth? The extra hoop the 1st
time would seem to add little benefit if OAuth is always the first
gate. Of course, it might be a tough pill to swallow because it would
really break all existing clients.

Thanks,
Lloyd