On Fri, Aug 22, 2014 at 07:21:41PM -0400, Jacob S Hoffman-Andrews wrote: > > On 08/22/2014 07:14 PM, Peter Eckersley wrote: > >The underlying problem is that sometimes that bug causes havoc in which > >we rewrite the top level page to HTTPS, and then the mixed content > >blocker kicks in and blocks scripts before we can rewrite their URLs to > >HTTPS (!). > I believe that's a different, but closely related bug. My approach > would not be to downgrade both extensions to beta, but to say "lots > of people have been happily using both extensions; they are of > similar quality; let's call them both stable." > > I also think that the work we've done disabling the sites that run > into MCB trouble has made that bug much less severe than it used to > be.
That's a reasonable argument. To maximise how true it is we should also make a habit of running the MCB trigger tests periodically, and turning off the rulesets that they warn about. Those tests can be found by toggling extensions.https_everywhere.show_ruleset_tests to true in about:config, after which they'll be in the HTTPS Everywhere menu. They should be able to give us data on which rulesets are obviously causing cert warnings and MCB... -- Peter Eckersley [email protected] Technology Projects Director Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993 _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
