Sylvain Beucler wrote: > Mozilla follows money-based audit. Right, and because of this, they decided to make certificate errors in xulrunner 1.9 fatal (i.e. Firefox 3.x). The user has to jump through hoops to make the browser believe the certificate is valid, thus finally allowing access to the site.
The Debian maintainer has found this behaviour annoying enough to forward-port the NSIBadCertListener interface from xulrunner 1.8 to 1.9.x, so this is less of a problem for Debian users (unfortunatley not for gNewSense users, as Ubuntu's xulrunner package doesn't have this patch.). More importantly, I fail to see what the problem is, really. If the user is clueless enough and doesn't understand how to validate a certificate, what good it does if we choose a certificate that is included in a (popular) particular program? The "learning about GNU" issue is non-existent, since all www.gnu.org contents is available via HTTP. > I don't know about other Savannah hackers, but if that happened I'd > certainly have better things to do. Not that I count as Savannah hacker, but I think that what we do currently is quite sane.
