How happy am I that R Kent James finally recognises my issue? After more than 30 posts we're finally talking about it. Does the resistance showing here indicate the cultural problem that R Kent James refers to?
I don't know if I'm reading these posts right but, kindly: Michael Stroder: "within Mozilla every security code is regarded as obstacle" - maybe there *are* too many security obstacles? R Kent James: "causes massive pain for their users" - no pain for our users, they just moved onto Chrome. R Kent James: "We have a lot of unhappy users right now" - we have no users right now, in my organisation. Michael Stroder: "frustrating . . . a waste of time . . . within Mozilla" - does this indicate an internal split / disfunction which is preventing co-operation between strategy and technical to solve the problems in user-viable way? I think this may be the solution: Mozilla team need to work together. Eric Mill, I think this is the problem I'm identifying: "what can be done to educate people responsible for deploying/buying enterprise software deployment that a rapid update path for all software/ protocols/ ciphers/ certificates is a critical prerequisite for performing their job responsibly?" - network engineers are users too, and in a busy work environment when faced with complex security issues that they're not familiar with and late nights every day of the week solving user tickets that are back-logging while they try to rush the roll-out to please management instead of going home to their kids they do the responsible thing: switch users to Chrome and go home (or test it in IE because that's what the boss uses and call it a night?). I'm talking about "user viable" here. It's not a matter of "user friendly" anymore. If Firefox is coded to deliberately not work unless something is fixed, and no-one knows how to fix it (in the time they've been allocated - like minus 30 minutes), then Firefox *will* deliberately not work. And when Firefox *does not work* then the user does what the network guys did last year: switch to Chrome. He doesn't sit there "in pain" because he'll lose his job. I don't know about you but I can't go 24 hours without a working browser. I can go 24 minutes by having a coffee and a leak. At one point I was submitting these posts with Chrome. Many users just won't go back. And, finally, R Kent James: "culture issue in Mozilla security policy . . . willingness to break things in the interest . . . what can be done to better educate the world about why all of this user grief was in fact for the greater good?" - The movie that's playing in my world is a slow motion train wreck. It's no longer a matter of educating others, as if Mozilla was being lauded and followed for their leadership (Mozilla doesn't rule at least not yet), it's a matter of survival. The Chrome trajectory is up. The Mozilla trajectory is a steady reliable down. They crossed in the middle. It's a big X! Mozilla needs decisive and significant steering input and, sorry to put it this way but, stop harping on about security of the web and start getting the browser to function with real world web sites and network engineers as a priority, first. And finally, regrettably, Eric Mill: ". . . you should channel your passion in the direction of the enterprise IT group -- or its political overlords -- that are inconveniencing you and driving their users away from secure browsers." - mate, what can I say, you've got to switch off that paranoid psychotic movie you love playing to support your political bias and start thinking of solutions that will actually work. It may be news to you but my IT department didn't call the President to send teams of military police in riot gear through the building to move us off Firefox. They just answered frustrated users' phone calls with "Try Chrome". Thanks Ryan Sleevi for your gentle encouragement. The one thing I'd like to say is that this may be a dual problem and the current discussion just addresses the first part: deliberate non-function. I'm not clear (but you guys should be) but the second part looks to me like there may be ways in which Firefox is harder to administer or fiddle into operability which is disadvantaging it. That's another aspect where Mozilla team would presumably need to work as a tight, cohesive, respectful and loyal team and dig deep to find ways to make Firefox a complete breeze to administer or work with. The Firefox internal cert store issue I presented with comes into this category. God help you guys and thanks for your responses. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy