On Thursday, July 18, 2019 at 2:39:51 PM UTC-4, Matthew Hardeman wrote:

> Isn't the logical outcome that the nation-state forks one of the
> open-source browser projects, patches in their MiTM certificate, and
> undoes the blacklisting?  I think that's exactly what would happen.  The
> trouble is, there's no reason to expect that the fork will be maintained or
> updated as security issues are discovered and upstream patches are issued.
> We wind up with an infrequent release cycle browser being used by all these
> users, who in turn get no privacy AND get their machines rooted
> disproportionate to the global population.

I like the banner idea, BUT they could fork because of the banner as well.
This same argument (avoid forks for their security) could be used to say
Mozilla shouldn't have the banner.
Then you can walk that all the way to supporting state MITM.

I'm not picking a fight and I don't have a better idea.
I'm just looking at the logic.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
