[TYPO3-typo3org] Signed SSL-certificate
Steffen Gebert
steffen at steffen-gebert.de
Wed Feb 17 15:49:30 CET 2010
Am 17.02.2010, 15:24 Uhr, schrieb Michael Stucki <michael at typo3.org>:
> Just to repeat this again: In my opinion, forge and svn are developer
> systems. I understand that a browser warning may scare people in the
> first
> place, but I also expect that they rather ignore that warning than
> closing
> the window.
But a negative feeling remains. IMHO warnings of invalid certificates
should be avoided whenever possible as it just supports the "just always
click ignore without thinking" intention. We as developer should not be
supported to just look away in case of security issues.
In case of manipulated DNS entries for t3o domains, nobody would notice
and just enter his credentials - but IF a warning would appear.. uhm.. no,
also nobody will notice, as everybody is usual to just "ignore" ;-)
Steffen
More information about the TYPO3-team-typo3org
mailing list