Magnus Hagander [2009-04-10 19:14 +0200]:
> It's "secure by default". Without it, most people will *never* get
> protected by verifying the certificate because they will not manually
> copy root certificates there.

The problem and fallacy with security is that if you make it too tight, people will just disable it. I'd be the happiest man in the world if the internet would stop using bad SSL certificates, and all those browsers which try to educate the users about exceptions could just refuse the site and do nothing. But unfortunately the world doesn't work that way.

Similarly, my concern is that people would rather disable SSL than try to get all their db users to put a certificate into their home directory (at least this should be configurable at the system-wide level, like checking whether a cert in /etc/ssl/certs/* matches; or making this more flexible to configure the default on a system level at least.)

So the nice thing about a warning is that it will stay around and nag people, instead of dragging them into a kneejerk reaction to "fix" their systems which suddenly got "broken".

But thanks to everyone for chiming in. Initially I thought it was just a subtle regression. Since it doesn't seem to be, I'll just adapt my test suite if this is going to stay like it is right now. I'm still concerned about the potential confusion, though.

Thanks,

Martin
-- 
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)