WebKit [LSARC/2008/782 FastTrack timeout 26/12/2008]: New timeout: 1/23

Edward Hunter edh at sun.com
Wed Jan 14 13:06:56 PST 2009


We should not continue to extend the timer ad infinitum.  Is it possible 
for the interested parties to arrange a meeting with Irene to hash out 
these issues?  I would expect the outcome of that call to either be 
closing the fasttrack or a derailment if possible.  Another choice is to 
schedule an afternoon LSARC meeting so that Irene could attend.  I would 
prefer the first option but can certainly work with the second option.
-edh


On 01/08/09 16:53, Irene Huang wrote:
> There are a lot of discussions, I'd like to reset the timeout to be 
> Jan 1/13 (Next Tuesday), in case there's more in the next LSARC meeting.
>
> Thanks
>
> --Irene
> Alfred Peng wrote:
>> On 01/07/09 01:21, Hugh McIntyre wrote:
>>> Alfred Peng wrote:
>>>>
>>>> On 01/02/09 15:59, Hugh McIntyre wrote:
>>>>> Shi-Ying Irene Huang wrote:
>>>>> So does this mean that:
>>>>>
>>>>> - HTTPS is not supported right now?
>>>>> - HTTPS is supported, but does no verification of the server 
>>>>> certificate, thus defeating half of the point of HTTPS?
>>>>> - HTTPS is supported and checks the certificates properly, just 
>>>>> not via CURL/OpenSSL?
>>>>> - or that WebKit does not do the network accesses itself?
>>>> The current status for HTTPS support is between option 1 and 2. 
>>>> Normally, WebKit doesn't support HTTPS. But if the environment 
>>>> variable "WEBKIT_IGNORE_SSL_ERRORS" is set, WebKit will call a libcURL 
>>>> function to skip the certificate verification and deal with the HTTPS 
>>>> request. OpenSSL isn't involved in this right now. But enabling 
>>>> SSL verification is in the plan.
>>>
>>> Sounds OK, since the out-of-the-box default won't load HTTPS in an
>>> unsafe way.  Presumably any documentation on "WEBKIT_IGNORE_SSL_ERRORS"
>>> will point out that this defeats the security of HTTPS?
>>>
>> There isn't a document for this right now. Maybe the man page is a good 
>> place to add this?
>>
>> Thanks,
>> -Alfred
>
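
A defender-side check for the override discussed in this thread, as an added example that is not part of the original messages and not WebKit's code: it scans process environment blocks for `WEBKIT_IGNORE_SSL_ERRORS`. The function names, the sample data and the use of the Linux `/proc/<pid>/environ` layout are assumptions of the example.

```python
import os
from typing import Dict, Iterable, List, Tuple

OVERRIDE = b"WEBKIT_IGNORE_SSL_ERRORS"  # variable name as given in the thread


def parse_environ(blob: bytes) -> Dict[bytes, bytes]:
    """Parse a NUL-separated KEY=VALUE block (the /proc/<pid>/environ layout)."""
    env: Dict[bytes, bytes] = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key:  # skip empty fragments and entries without '='
            env.setdefault(key, value)  # keep the first duplicate entry
    return env


def audit(blobs: Iterable[Tuple[int, bytes]]) -> List[Tuple[int, bytes]]:
    """Return (pid, value) for each environment in which the override is present.

    Assumption: the thread only says the variable being *set* triggers the
    behaviour, so an empty value or "0" is still reported as a finding.
    """
    findings = []
    for pid, blob in blobs:
        env = parse_environ(blob)
        if OVERRIDE in env:
            findings.append((pid, env[OVERRIDE]))
    return findings


def linux_proc_environs() -> Iterable[Tuple[int, bytes]]:
    """Yield (pid, environ bytes) for readable processes (Linux /proc only)."""
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{name}/environ", "rb") as fh:
                yield int(name), fh.read()  # environment as of exec time
        except OSError:
            continue  # process exited, or not readable by this user


# Constructed sample environment blocks, not captured from a real system.
SAMPLE = [
    (101, b"PATH=/usr/bin\0HOME=/home/a\0"),
    (102, b"PATH=/usr/bin\0WEBKIT_IGNORE_SSL_ERRORS=1\0"),
    (103, b"WEBKIT_IGNORE_SSL_ERRORS=\0LANG=C\0"),
    (104, b"XWEBKIT_IGNORE_SSL_ERRORS=1\0WEBKIT_IGNORE_SSL_ERRORS_OLD=1\0"),
]

if __name__ == "__main__":
    for pid, value in audit(SAMPLE):
        print(f"pid {pid}: {OVERRIDE.decode()}={value.decode()!r}")
```

On a Linux host, `audit(linux_proc_environs())` runs the same check against live processes; names that merely contain the variable name (pid 104 in the sample) are not reported.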


