WebKit [LSARC/2008/782 FastTrack timeout 26/12/2008]: New timeout: 1/23

[Hugh McIntyre]

Edward Hunter wrote:
> We should not continue to extend the timer ad infinitum.  Is it possible 
> for the interested parties to arrange a meeting with Irene to hash out 
> these issues?  I would expect the outcome of that call to either be 
> closing the fasttrack or a derailment if possible.  Another choice is to 
> schedule an afternoon LSARC meeting so that Irene could attend.  I would 
> prefer the first option but can certainly work with the second option.

Personally, despite this and the other email I just sent.  I think the 
questions have been answered.  I'm fine if the case is closed.

>>>> Sounds OK, since the out-of-the-box default won't load HTTPS in an
>>>> unsafe way.  Presumably any documentation on "WEBKIT_IGNORE_SSL_ERRORS"
>>>> will point out that this defeats the security of HTTPS?
>>>>
>>> There isn't document for this right now. Maybe man page is a good 
>>> place to add this?

It's not clear from the public materials if you'll be shipping a man 
page or not.  It's also not clear from the webkit.org sources whether 
these have man pages - it looks like the answer is no.

In any case I think it's up to you want to do.  If you ship 
documentation that says "HTTPS is not enabled by default" then it's up 
to you if you explain why or not.  I thin you can either:

- not mention WEBKIT_IGNORE_SSL_ERRORS at all.

- or if you do mention it, you should say that it's insecure and 
probably also should be considered obsolete (.ie. may go away in future?).

Either option is OK with me.