[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Repo-criteria-discuss] Defining C6 (HTTPS) more precisely
|
From: |
Josh Triplett |
|
Subject: |
Re: [Repo-criteria-discuss] Defining C6 (HTTPS) more precisely |
|
Date: |
Sat, 30 Apr 2016 15:05:17 -0700 |
|
User-agent: |
Mutt/1.6.0 (2016-04-01) |
On Thu, Apr 28, 2016 at 11:06:01PM -0400, Mike Gerwitz wrote:
> On Thu, Apr 28, 2016 at 09:00:28 -0700, Josh Triplett wrote:
> > Quoting criteria C6:
> >> Support HTTPS properly and securely, including the site's certificates.
> >> (C6)
> >
> > "properly and securely" seems rather vague. I think we should spell out
> > exactly what we expect. Suggested wording:
>
> rms wanted to keep the criteria short; a number of them were stripped
> down. It could be worth adding clarifications elsewhere.
>
> Zak: I don't recall the details; did he object to clarification
> elsewhere? I think he preferred to be vague and let evaluators decide
> on a case-by-case basis.
A separate clarifications page, perhaps with cross-links, would make a
lot of sense. I can understand wanting to leave things up to
evaluation; however, some guidelines would help sites who want to do the
right thing.
- Josh Triplett