On Fri, Jul 19, 2019 at 09:52:32PM +0000, Daniel Shahaf wrote: > Stefan Sperling wrote on Fri, 19 Jul 2019 18:45 +00:00: > > It looks like the interactive prompt omits an option to save the cert > > if it sees a certificate failure of class 'other' from the above list. > > I am not sure why this decision was made but that's what the current > > code seems to do. > > The rationale is that if we don't know what the failure reason _is_, we > don't know whether it's safe to ignore it permanently. In other words, > it only offers "permanently" if the failure bits are all whitelisted. > > The downside is that there's no easy way for a user to say "I know what > I'm doing, and I _do_ want to ignore this permanently; make it so", such > as a utility that takes a PEM form certificate (on, say, stdin) and > marks it as permanently trusted.
At the point where we're already asking the user, we might as well let the user decide what to do, in any case. Yes, some people might then save a bad cert without knowing any better. But as a user I find it infuriating when software I use contains artificial restrictions like this. We should assume our users know what they are doing. Subversion is not a web browser.
