Mimi Yin wrote: > You have seen this certificate before. You fiddled with some levers > which ended up putting this certificate in the not-trust pile. But you > probably didn't know what you were doing it...so here it is again. Do > you trust it or not? > > Is that accurate? I'm not proposing that as the message, just trying to > get the story straight.
That about sums it, yes. > A different way to approach this: Is it important for the user to know > that the certificate is already known? Could we just gloss over that > part? Or, what's the significance of being already known? It seems like > the user barely knows of its existence. I think it does have some significance. The user had to do something earlier to get the certificate into the repository. That is different from seeing something for the first time. > So is the issuer the server you're trying to connect with? Can we say: > *'Cannot get certificate from server or new server.'* No, and no. I'd just rather keep the message as is. -- Heikki Toivonen
signature.asc
Description: OpenPGP digital signature
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Open Source Applications Foundation "Design" mailing list http://lists.osafoundation.org/mailman/listinfo/design
