Le vendredi 09 mai 2008 à 17:02 -0400, Phillip Susi a écrit : > Martin Pitt wrote: > > I don't consider it a new feature, but a better UI. Firefox has always > > complained about invalid certificates, but until version 2 it was just > > the well-known 'SSL yadayada cannot be verified mumblemumble click > > here to shut me up' popup dialog, and really everyone just clicked > > this away, right? Security click-through dialogs should be abolished, > > since they achieve nothing and are really just an excuse for the > > software provider: "I know it is unsafe, and cannot give you something > > better. Of course you can't know either, but at least I can make it > > your problem now." > > > > Now you get at least a proper error message page. I don't doubt that > > the text can be improved, and make more concise/clear, etc., but the > > UI is much better IMHO. > > I could not disagree with this more strongly. You can't go around > applying nerf padding to everything to protect against the possibility > of someone running head first into the wall. When you try to protect > people from themselves, and that protection has a negative impact on > them, you aren't doing them any favors. I don't like the fact that my > car won't let me ( or my passenger ) choose to fiddle with the gps while > the wheels are turning, and I don't like this change to firefox. > > An invalid cert is something that MIGHT be cause for concern, but often > is not, so a notification is quite sufficient to let the user decide if > it is ok to proceed or not. Making them jump through hoops of fire to > be SURE they want to proceed is a bad idea. Notifications are never read, especially by users that are not passionate by computers - they're exactly like there was no message at all, only they annoy users: "click OK and then see if there's a problem" is what OS have used people to for many years. And after that the lock in the adress bar still seems to confirm you're on a secure website.
> Now improving the existing message to be more informative and educate > the user as to what is going on is something I'm all for, but you should > not assume the user has no clue and must be locked up to protect him > from himself. IMHO it's not mainly about educating the user, but to force servers to use correct certificates. When freedesktop.org will understand every person that goes to their bugtracker gets to the new Firefox warning, I guess they will change their certificate. ;-) (just an example) To continue your metaphor, it's primarily intended to force GPS vendors to provide hands-free models so that then you can drive without this kind of concern. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
