I would like to hear from someone at MDG what’s MDG’s position on Sikka. Is it absolutely necessary to have the package if you don’t anyone to bring down your site willy nilly. Or is it more like you’re fine without it but if you do X, Y, or Z then you do need it.
If it’s an absolute requirement to have then why not bake it into core?
I ask because we’re going to start a project in the next few months here at my company. In the current state of affairs there’s no way I’ll be able to recommend using Meteor knowing that I’ll have to end the presentation with “There’s one caveat though, Meteor has a hole which allows anyone to bring down your app at any time. But don’t worry there’s a package called meteorhacks:sikka which patches it.”
As well respected as Arunoda is in the Meteor community, I know the reaction I’m going to get from the suits.
The suits are going to be ROTFL saying “Let me get this straight… you want us to bet an app that’s going to cost hundreds of thousands of dollars, just to get it out the door, on this framework which is so insecure that for the app to stay up it needs a hack from who knows who in who knows where? Good one.”