curl-library

Re: those SSL certificates

From: Nick Gimbrone <Nicholas.Gimbrone_at_Comcast.Net>
Date: Fri, 23 Aug 2002 10:09:26 -0400

> I'm sometimes writing out things before I think.
Perhaps, though one could not tell this from the quality of your postings! ;-)

If I understand your desire here correctly, you are attempting to make it such
that insecure sites that used to work still work unless the user (or developer
using lib curl) does something explicit to close this security hole (by setting
the additional option).

Now, normally for an incompatible change like this, such an approach would be
wonderful. But, when security issues are involved I think it is the wrong
approach. The hole should be closed by default, even if that means that
something that used to work by default no longer does so. It should take an
explicit setting of an "I don't care about security" option to cause insecure
behaviour... and upward compatibility should not take precedence over security
(in my opinion at least... and assuming I understood your proposal... ;-).

Peace. -njg

Received on 2002-08-23