On 4/3/2010 6:45 AM, Jean-Marc Desperrier wrote:
On 02/04/2010 18:25, johnjbarton wrote:
The appropriate way to address this security problem starts by
contacting the major providers of server software
There's no need to contact them, they are well aware of the problem.
AFAIK they have all already issued the necessary updates.
It's the sites that need to catch on those updates.
And web developers can have power to influence those sites to update.
I think your assessment of the relationship between Web developers and
server infrastructure is based on dated information. These days only a
tiny fraction of the Web pages are served from sites where the developer
even knows who runs the server.
But even if there was a relationship, sending unsolicited, mass
electronic communications in an effort to goad people into lobbying for
your cause abuses your position of responsibility. Please reconsider.
If the *users* of Firefox are truly in jeopardy, then this alert should
be provided to *users*. Since this alert is not shown to users I can
only assume that in fact there is no practical threat here. You're
putting this message in the Error Console because you can.
jjb
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto