Bug#745556: Closing dialog for allowing invalid SSL certificate causes default to be accepted
On Mon, Jun 09, 2014 at 11:43:46AM +0100, Jim Scadden wrote:
> Attached is a proposed patch which I have forwarded upstream which
> modifies the behaviour of the dialog box in question so that closing it
> will return the user back to the previous dialog
After testing my patch for a while I do not believe that it is the best
approach. With the patch applied the default option of 'Current Session
only' is located on the left and the 'Forever' option is in the middle.
Since the 'Continue' button on the previous dialog is in the middle
this means that a user who neglects to fully read the 2nd dialog box and
just clicks will have chosen to accept the certificate forever.
Additionally the same logic for invalid SSL certificates is used in
other parts of KDE, so any change would further require changes across
multiple packages to keep the UI consistent across the DE.
Rémi, please could you advise if you would still like the behaviour to
be modified? If so, given that the user has already stated on the first
dialog box that they wish to connect to the server, and closing the 2nd
dialog causes the certificate to only be accepted for the current
session, would you be happy for this bug to be tagged as 'wishlist'
since this is something could potentially require a substantial change
upstream?
--
Jim Scadden
Reply to: