Re: Security bounties on Web bugs

From: Michael Catanzaro <mcatanzaro igalia com>
To: Michael Heyns <mike bean heyns gmail com>
Cc: hub figuiere net, "D.S. 'Spider' Ljungmark" <spider gnome org>, epiphany-list gnome org, Federico Mena Quintero <federico gnome org>
Subject: Re: Security bounties on Web bugs
Date: Sat, 21 Feb 2015 19:56:17 -0600

On Sat, Feb 21, 2015 at 7:23 PM, Michael Heyns <mike bean heyns gmail com> wrote:

Hi Michael,

Are you saying Epiphany has no plans to implement support for untrusted/self-signed certificates?

This is one of the main reasons we had to pull Epiphany from workstations.

Thanks a bunch,
Mike.

Hi Mike,

Kind of. If you don't want to see the security warning when visiting a site with an untrusted certificate, you should add the certificate to your operating system's trust store, then Epiphany will trust it like any other. Something like this should work (untested):

$ sudo trust anchor /path/to/certificate.crt

Now, to be clear, I do think we need UI to make doing that easy: users should not have to drop to the command line to trust a certificate in 2015. But I would rather see that work done in Seahorse, not Epiphany. Seahorse already has UI for certificate management, it just doesn't seem to work. Who knows, it might even be simple to fix (not sure).

In any case, if you're running a managed/corporate environment, installing a certificate manually should not be any problem for you, and if you're not running a managed environment, you should not need to and should really think twice before doing so. That's why I haven't prioritized this issue. So as long as we're talking about reasons not to use Epiphany, that's not one I would pick. :)

Michael

Follow-Ups:
- Re: Security bounties on Web bugs
  - From: Ekaterina Gerasimova

References:
- Re: Security bounties on Web bugs
  - From: Michael Heyns

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]