Alfred Peng wrote: > On 01/07/09 01:21, Hugh McIntyre wrote: >> Sounds OK, since the out-of-the-box default won't load HTTPS in an >> unsafe way. Presumably any documentation on "WEBKIT_IGNORE_SSL_ERRORS" >> will point out that this defeats the security of HTTPS? >> > There isn't document for this right now. Maybe man page is a good place > to add this?
I guess I don't care strongly about this, so the ARC may want to provide a preference. Either: - Provide a safe default (no loading of unsafe HTTPS pages) and don't document this variable anywhere. - or document only to the extent of saying "WEBKIT_IGNORE_SSL_ERRORS exists as an option but breaks security and generally should not be used". Or something along these lines. Hugh.
