[sugar] Preparing for the feature freeze

Marco Pesenti Gritti mpgritti
Thu Jun 5 10:23:19 EDT 2008


Here is a good explanation of how this is handled in Firefox 3.0
(different from both Eben and Benjamin proposal):

http://www.dria.org/wordpress/archives/2008/05/06/635/

Marco

On Thu, Jun 5, 2008 at 4:14 PM, Benjamin M. Schwartz
<bmschwar at fas.harvard.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Eben Eliason wrote:
> | On Thu, Jun 5, 2008 at 12:36 AM, Michael Stone <michael at laptop.org> wrote:
> |> On Tue, Jun 03, 2008 at 11:03:44AM +0200, Marco Pesenti Gritti wrote:
> |>> * Browser bookmarks and autocompletion. - priority 3
> |> I'd really like to see some progress on #542/#5534 (deal with
> |> non-standard SSL certificate authorities). This is going to become a
> |> bigger and bigger stumbling block the longer we wait. Surely we could
> |> manage some sort of 'accept this cert' button? (Keep in mind the
> |> possibility of another G1G1 coming our way in the foreseeable future.)
> |
> | I think that a non-modal alert (akin to those used for downloads)
> | would suffice.  Toss up buttons for "view" "cancel" and "accept", with
> | the first of these presenting a modal alert with the detailed
> | certificate information, and we'd be set.
>
> I don't understand this at all.  If a site offers an invalid/untrusted SSL
> certificate, it should simply be accepted silently.  The user should have
> the same experience as if the page were not using SSL.
>
> We know from experience that users do not know how to interpret the
> certificate warning, and simply learn to click on the button that allows
> them to continue.  Presenting them with an incomprehensible warning, and
> then indicating that the connection is secure, is not good security, and
> not good UI.
>
> - --Ben
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkhH9NcACgkQUJT6e6HFtqTISgCbBCObRmRVpQHGaoYEf484Qyny
> c4kAniMlTZgUzUiIc8mOqDtI1BJrZcjm
> =3UDw
> -----END PGP SIGNATURE-----
> _______________________________________________
> Sugar mailing list
> Sugar at lists.laptop.org
> http://lists.laptop.org/listinfo/sugar
>



More information about the Sugar-devel mailing list