What to do about SSL strength
Charles Samuels
charles at kde.org
Wed Mar 8 18:49:20 GMT 2006
Thiago Macieira wrote, on Wednesday 2006 March 08 2:57 pm:
> This is actually like the "broken DNS server" list: we have to work around
> bugs in other people's sites in very low level stuff in our libraries.
I've always liked the idea of not only having a blacklist, but also shaming
the web sites. We can use this in the case of SSL, JavaScript, and DNS.
By shaming, I mean, tell the user that this web site is "known by the KDE team
to be defective" and that "corrective measures" have been taken as a
workaround.
This way:
- We don't get bug reports (in theory ;)
- Users get their web site
- The web site may receive enough embarrassment to be fixed.
Ideally, we would publish this list somewhere from which KDE can download
updates regularly.
cs
More information about the kde-core-devel
mailing list