Mark Martin wrote: > Darren J Moffat wrote: >> >> Also this is really no different several other similar cases with SSL. >> >> If HTTPS is not enabled then I will derail this case and call for a >> vote. >> > > I don't think the only issue is the lack of a handy, well known cert > repository; the fact that the underlying implementation doesn't > validate properly would probably surprise folks. > > The choices that I saw were: > a) Deliver with HTTPS disabled by default. Principle of least > astonishment. > b) Deliver with (incomplete and ostensibly unsafe) HTTPS enabled by > default. > > If you're insisting on B, how do you advise managing the gap? Log a > bug? Document a warning? Assume developers will be diligent or just > know? Apologies for the reply to self, but I forgot to mention that option A was the behavior from the first case, and since the classification was changed from consolidation private, I believe the exposure is increased.
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeout 08/04/2009... Mark Martin
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeout 08/04... Alfred Peng
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeout 0... Mark Martin
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeo... Alfred Peng
- WebKit 1.1.x [LSARC/2009/409 FastTrack t... Mark Martin
- [desktop-discuss] WebKit 1.1.x [LSARC/20... Alfred Peng
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeout 08/04/2009... Brian Cameron
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeout 08/04... Brian Cameron
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeout 0... Darren J Moffat
- WebKit 1.1.x [LSARC/2009/409 FastTrack timeo... Mark Martin
- WebKit 1.1.x [LSARC/2009/409 FastTrack t... Mark Martin
- WebKit 1.1.x [LSARC/2009/409 FastTrack t... Darren J Moffat
- WebKit 1.1.x [LSARC/2009/409 FastTr... Brian Cameron
- WebKit 1.1.x [LSARC/2009/409 FastTr... Alfred Peng
- [desktop-discuss] WebKit 1.1.x ... Hugh McIntyre
- [desktop-discuss] WebKit 1.1.x ... Alfred Peng
- [desktop-discuss] WebKit 1.1.x ... Darren J Moffat
- [desktop-discuss] WebKit 1.1.x ... Mark Martin
- [desktop-discuss] WebKit 1.1.x ... Alfred Peng
- [desktop-discuss] WebKit 1.1.x ... Matt Lewandowsky
- [desktop-discuss] WebKit 1.1.x ... Darren J Moffat