[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: HEAD openend
From:       George Staikos <staikos () kde ! org>
Date:       2000-10-20 15:56:25
[Download RAW message or body]

On Friday 20 October 2000 11:46, David Faure wrote:

> >> > Well, if that's not the case, then why not wait until we have all the
> >> > translations and docs that we can reasonably expect ?
> >> >
> >> > I don't see the point here. If we have to make two 2.0.x releases for
> >> > some reason (please someone me which), then at least this request
> >> > should come from the people concerned, i.e. translators and doc
> >> > writers, don't you think ?
> >>
> >> Time will tell. I see no point in speculating about whether or not a
> >> 2.0.2 release is needed. If a grave security hole is found in 2.0.1, We
> >> should make a 2.0.2 release.
> >
> >  Grave as in SSL certificates can be forged against konqueror?
>
> Well, this doesn't have to wait for 2.0.2, you can fix it for 2.0.1 :-)

  That depends on the release schedule.  I'm rather loaded down right now.  
The problem is that we overwrite the security data for every part of the page 
loaded.  This is very complicated however.  There are many many codepaths 
because the user has to be able to configure which sites to accept 
certificates from, and has to be warned about mixed SSL/NON-SSL pages.  
There has to be a cache of seen certificates (which I have started (sort of)) 
so that we don't endlessly prompt the user on unknown CA's.  This would 
ideally be a separate process, but it could also be done just in the scope of 
each konqueror process, I guess.  Also there needs to be some logic to ignore 
graphics files, because some sites load the graphics files from non-ssl.

-- 

George Staikos 

[prev in list] [next in list] [prev in thread] [next in thread]