Both cli_wallet and nodes are going to reject transactions that contains private key material in their memo field
I'm not a big fan of solving it at nodes, because it is already too late. Best solution is to keep an eye on users' memo field (it has to be implemented in 3rd party every application that allows transfers) and refuse to put there any key material.
So it's not a fix that gets rid of some software bug. It is a change that would try to stop users that are willing to hurt themselves.
Oh yeah okay like that. It's pretty good that they try to prevent people from hurting them selves.
But why can't they just have an automated system that detect when an key is written in the memo, and the system would give a pop up message like: 'be careful, you're master key is written in the memo field" or something.
That's pretty much like this currently, but of course pop up message is application based while we need to take care about whole platform (i.e. variety of applications) so it's on nodes. It might be good for temporary solution, however, if someone sent that already then notifying is already too late.
But I saw on the original post, a fix was proposed, what do they mean by that?
Both
cli_wallet
and nodes are going to reject transactions that contains private key material in their memo fieldI'm not a big fan of solving it at nodes, because it is already too late. Best solution is to keep an eye on users' memo field (it has to be implemented in 3rd party every application that allows transfers) and refuse to put there any key material.
So it's not a fix that gets rid of some software bug. It is a change that would try to stop users that are willing to hurt themselves.
Oh yeah okay like that. It's pretty good that they try to prevent people from hurting them selves.
But why can't they just have an automated system that detect when an key is written in the memo, and the system would give a pop up message like: 'be careful, you're master key is written in the memo field" or something.
Or is this already what they are doing?
That's pretty much like this currently, but of course pop up message is application based while we need to take care about whole platform (i.e. variety of applications) so it's on nodes. It might be good for temporary solution, however, if someone sent that already then notifying is already too late.