Re: Midori for Squeeze
In gmane.linux.debian.devel.release, you wrote:
> On 17/10/2010 22:08, Moritz Muehlenhoff wrote:
>> Hi Ryan/release team,
>>
>> During my review of open security issues I noticed that the
>> version of Midori currently in Squeeze still has broken
>> HTTPS support. (#582213)
>
> This bug is only about packaging a new upstream release, maybe you were
> referring to #595813 ? Though afair midori in squeeze does support https
> (meaning, it can connect to an https website).
I'm referring to http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=19;bug=582213:
| it would be really nice to get 0.2.6 into squeeze. 0.2.5 introduced
| basic HTTPS certificate validation support, which is essential to do
| any serious HTTPS stuff which isn't only snakeoil security, like online
| banking. Previous midori releases supported HTTPS, but don't validate
| the server certificate against root certificates.
>> We shouldn't ship a browser with the state as-is. We could
>> either drop it or update to the version currently in sid?
>
> The version currently in sid is already outdated though (I've made some
> packaging for 0.2.8 but didn't upload yet, still not sure about taking
> over maintainership...)
>
> In any case, the https support by midori is working but not really
> satisfying. The browser can connect to https website, and in recent
> versions even change the url bar color, but that's all. There's no
> configuration support, no way to add an AC or a client certificate, no
> way to see the certificate a website is using.
>
> Some might think that makes the browser unusable and unsuitable for
> Squeeze, I'm not so sure. It's a shame the browser doesn't have a real
> https support, but it's still working and is a nice little browser. I
> don't think it should be installed by default but it's still useful in a
> stable release (imho).
Weööll, ie HTTPS support is so limited, it's unlikely to be used
anyway, so we might just as well leave the current version in.
Cheers,
Moritz
Reply to: