[sugar] Preparing for the feature freeze

Benjamin M. Schwartz bmschwar
Thu Jun 5 10:14:47 EDT 2008

Hash: SHA1

Eben Eliason wrote:
| On Thu, Jun 5, 2008 at 12:36 AM, Michael Stone <michael at laptop.org> wrote:
|> On Tue, Jun 03, 2008 at 11:03:44AM +0200, Marco Pesenti Gritti wrote:
|>> * Browser bookmarks and autocompletion. - priority 3
|> I'd really like to see some progress on #542/#5534 (deal with
|> non-standard SSL certificate authorities). This is going to become a
|> bigger and bigger stumbling block the longer we wait. Surely we could
|> manage some sort of 'accept this cert' button? (Keep in mind the
|> possibility of another G1G1 coming our way in the foreseeable future.)
| I think that a non-modal alert (akin to those used for downloads)
| would suffice.  Toss up buttons for "view" "cancel" and "accept", with
| the first of these presenting a modal alert with the detailed
| certificate information, and we'd be set.

I don't understand this at all.  If a site offers an invalid/untrusted SSL
certificate, it should simply be accepted silently.  The user should have
the same experience as if the page were not using SSL.

We know from experience that users do not know how to interpret the
certificate warning, and simply learn to click on the button that allows
them to continue.  Presenting them with an incomprehensible warning, and
then indicating that the connection is secure, is not good security, and
not good UI.

- --Ben
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Sugar-devel mailing list