From kde-core-devel Fri Oct 20 15:56:25 2000 From: George Staikos Date: Fri, 20 Oct 2000 15:56:25 +0000 To: kde-core-devel Subject: Re: HEAD openend X-MARC-Message: https://marc.info/?l=kde-core-devel&m=97205717306834 On Friday 20 October 2000 11:46, David Faure wrote: > >> > Well, if that's not the case, then why not wait until we have all the > >> > translations and docs that we can reasonably expect ? > >> > > >> > I don't see the point here. If we have to make two 2.0.x releases for > >> > some reason (please someone me which), then at least this request > >> > should come from the people concerned, i.e. translators and doc > >> > writers, don't you think ? > >> > >> Time will tell. I see no point in speculating about whether or not a > >> 2.0.2 release is needed. If a grave security hole is found in 2.0.1, We > >> should make a 2.0.2 release. > > > > Grave as in SSL certificates can be forged against konqueror? > > Well, this doesn't have to wait for 2.0.2, you can fix it for 2.0.1 :-) That depends on the release schedule. I'm rather loaded down right now. The problem is that we overwrite the security data for every part of the page loaded. This is very complicated however. There are many many codepaths because the user has to be able to configure which sites to accept certificates from, and has to be warned about mixed SSL/NON-SSL pages. There has to be a cache of seen certificates (which I have started (sort of)) so that we don't endlessly prompt the user on unknown CA's. This would ideally be a separate process, but it could also be done just in the scope of each konqueror process, I guess. Also there needs to be some logic to ignore graphics files, because some sites load the graphics files from non-ssl. -- George Staikos