Hello maintainers, and everyone else too, Hubert, Federico, Spider and I have been working on finding suitable issues for the Privacy Campaign[1] funds and we came up with two issues in Web which fall under the privacy domain.
The first of the two is to have HTTPS-everywhere by default (see the EFF plugin for Firefox for an idea[2]). Optionally, it could also refuse mixed-page content (https site loading http content) with an overwritable warning or similar. We would like to propose a bounty of USD 500.00 for full implementation and merging of the feature. So our questions are: is this something which you would be willing to accept in Web? Do you consider the bounty to be suitable based on the difficulty of the issue? The second is the addition of certificate management and TLS issues (bug 721283). We would like to propose a bounty of USD ~2500 split into a few parts based on discrete tasks. Some ideas for the breakdown are: * Untrusted certificate (self-signed or untrusted issuer: https://ca.modio.se/) * Certificate changed / authority changed between visits * Import client certificate * Certificate overview / details about trust * Good error messages and dialogues * Inspect or export certificate Spider would be happy to be the contact for usefulness assessment of the dialogs/UI changes as this is an area in which he is very knowledgeable. As before, the questions to the Web maintainers are whether this is something that you would accept? And is the suggested bounty sane given our assessment of the work involved? The format of the bidding is that we will take care of all the administrative overheads, while the Web maintainers would need to review the code until it is complete and in a satisfactory state for merging/long term maintenance. This will need commitment from the maintainers to offer patch reviews in a timely manner (or even implement the features themselves). I would personally love to see these two issues offered for bounties as I feel that they are probably the ones which will have the most impact on users out of all the ones that we have been looking at. Thanks Kat [1] https://www.gnome.org/news/2013/07/gnome-raises-20000-to-enhance-security-and-privacy/ [2] https://www.eff.org/https-everywhere [3] https://bugzilla.gnome.org/show_bug.cgi?id=721283 _______________________________________________ epiphany-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/epiphany-list
