Nils Maier wrote: > Disallowing those "corrupt LF" request is in fact what I wouldn't like > to see.
When they get a "link fingerprint check failed" error, how is a user to tell the difference between "Oh, the webmaster screwed up" and "Someone has trojaned this download"? Hard fail is the right way to go. > What if a webmaster somehow got the LF wrong? The user would get > punished for it. The webmaster should have tested the link! > Even SSL will let you continue if there is something wrong like > non-matching hostnames; and SSL provides reliable security. We are changing this. > So I still am in favor of implementing LF within the actual consumers, > as only they know how to handle stuff correctly, as only they got the > full stream. I agree. Gerv _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
