What to do about SSL strength

Charles Samuels charles at kde.org
Wed Mar 8 18:49:20 GMT 2006

Thiago Macieira wrote, on Wednesday 2006 March 08 2:57 pm:
> This is actually like the "broken DNS server" list: we have to work around
> bugs in other people's sites in very low level stuff in our libraries.

I've always liked the idea of not only having a blacklist, but also shaming 
the web sites.  We can use this in the case of SSL, JavaScript, and DNS.

By shaming, I mean, tell the user that this web site is "known by the KDE team 
to be defective" and that "corrective measures" have been taken as a 

This way:
- We don't get bug reports (in theory ;)
- Users get their web site
- The web site may receive enough embarrassment to be fixed.

Ideally, we would publish this list somewhere from which KDE can download 
updates regularly.


More information about the kde-core-devel mailing list