[TYPO3-typo3org] Signed SSL-certificate

Steffen Gebert steffen at steffen-gebert.de
Wed Feb 17 15:49:30 CET 2010

Am 17.02.2010, 15:24 Uhr, schrieb Michael Stucki <michael at typo3.org>:

> Just to repeat this again: In my opinion, forge and svn are developer
> systems. I understand that a browser warning may scare people in the  
> first
> place, but I also expect that they rather ignore that warning than  
> closing
> the window.

But a negative feeling remains. IMHO warnings of invalid certificates  
should be avoided whenever possible as it just supports the "just always  
click ignore without thinking" intention. We as developer should not be  
supported to just look away in case of security issues.

In case of manipulated DNS entries for t3o domains, nobody would notice  
and just enter his credentials - but IF a warning would appear.. uhm.. no,  
also nobody will notice, as everybody is usual to just "ignore" ;-)


More information about the TYPO3-team-typo3org mailing list