We need to ensure we stay compatible to upstream and thus, finally, benefit from better security ourselves.
- What's needed, given our current authentication model (interaction with and dependency on BOINC), to stay compatible to the upstream changes?
- Can we merge the upstream changes without being affected or do we have to merge in parallel to our changes, if any? I.e. would a merge upstream be a merge-blocker of other changes for us?
- We should reconsider authenticator-based web-login again and potentially (ask key volunteers) remove it, like BOINC plans it to do.
Update: Add link to BOINC wiki: https://boinc.berkeley.edu/trac/wiki/PasswordHash, so I can find it again easily.