Matthew Flaschen, 03/10/2013 10:33:
On 10/02/2013 08:49 PM, Tim Starling wrote:
On 02/10/13 05:56, Federico Leva (Nemo) wrote:
Yes, beta can't currently really be used unless you manually confirm
certificates. (Which, by the way, you should never do on any website.)
Why not? Self-signed certificates are as secure as plain HTTP, which
you would think would be good enough for most people for connecting to
a test wiki.
First of all, trusting random certs is a bad habit to get into. Few
people go through the trouble to check the cert chain themselves,
obviously, so they don't know if it's "self-signed" or
"man-in-the-middle signed".
I considered adding an "unless etc. etc." after that "you shouldn't",
but it was getting longer that the whole thread so I refrained.
Nemo
_______________________________________________
Wikimedia-l mailing list
[email protected]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:[email protected]?subject=unsubscribe>
