[sugar] Preparing for the feature freeze

Marco Pesenti Gritti mpgritti at gmail.com
Thu Jun 5 10:32:31 EDT 2008


On Thu, Jun 5, 2008 at 4:24 PM, Eben Eliason <eben.eliason at gmail.com> wrote:
>> We know from experience that users do not know how to interpret the
>> certificate warning, and simply learn to click on the button that allows
>> them to continue.  Presenting them with an incomprehensible warning, and
>> then indicating that the connection is secure, is not good security, and
>> not good UI.
>
> Yeah, I prefer this solution, actually; I thought for some reason it
> wasn't acceptable to some, but maybe I'm wrong.  It's also (I'd think)
> an easier one to implement.  What we should focus on instead, if we
> choose this direction, is providing an indication for secure sites.

Does any web browser actually implement that behavior? We should be
damn sure that there are no reasons against it if we decide to go down
this way...

Besides, I don't think there is a way to implement this cleanly with
xulrunner. You'd have to do something something really messy like:

1 Load the page.
2 Firefox cancels it and inform us about it.
3 We automatically add an exception to allow the site to load.
4 We reload the page.
5 We show all the sites with a "broken" certificate as unsecure.

Honestly the only viable solution (at least on the short time) is to
just hook up the firefox UI.

Marco


More information about the Sugar mailing list