Hi, > Despite many valid reasons for keeping the old ones activated, I'd like > to see the old Versions dropped from the default setting. The longer > people keep them around the longer they will stay.
Without my "running an actual webserver hat" on, I think I agree. Having said that, even with my "running an actual webserver hat" on, I suspect most of the problems will be on the http-client side. > Also I'd explicitly > turn *on* certificate verification, as painful as this may be. If the > ssl egg silently accepts invalid certificates it creates a false sense > of security to the user. If someone needs all these features they know > that and will turn them back on. I definitely agree with this and certainly in this case, most of the problems will occur on the http-client side rather than the spiffy side. Regards, @ndy -- [email protected] http://www.ashurst.eu.org/ 0x7EBA75FF _______________________________________________ Chicken-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/chicken-users
