[HTTPS-Everywhere] Chrome 2014.8.22 ("extremely stable") released
Peter Eckersley
pde at eff.org
Fri Aug 22 16:46:50 PDT 2014
On Fri, Aug 22, 2014 at 07:21:41PM -0400, Jacob S Hoffman-Andrews wrote:
>
> On 08/22/2014 07:14 PM, Peter Eckersley wrote:
> >The underlying problem is that sometimes that bug causes havoc in which
> >we rewrite the top level page to HTTPS, and then the mixed content
> >blocker kicks in and blocks scripts before we can rewrite their URLs to
> >HTTPS (!).
> I believe that's a different, but closely related bug. My approach
> would not be to downgrade both extensions to beta, but to say "lots
> of people have been happily using both extensions; they are of
> similar quality; let's call them both stable."
>
> I also think that the work we've done disabling the sites that run
> into MCB trouble has made that bug much less severe than it used to
> be.
That's a reasonable argument.
To maximise how true it is we should also make a habit of running the
MCB trigger tests periodically, and turning off the rulesets that they
warn about.
Those tests can be found by toggling
extensions.https_everywhere.show_ruleset_tests to true in about:config,
after which they'll be in the HTTPS Everywhere menu. They should be
able to give us data on which rulesets are obviously causing cert
warnings and MCB...
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-Everywhere
mailing list