[PATCH] ui: optionally quiesce ssl verification warnings

Matt Mackall mpm at selenic.com
Mon Apr 9 14:51:29 CDT 2012 

On Mon, 2012-04-09 at 12:22 -0700, Steven Stallion wrote:
> On Mon, Apr 9, 2012 at 12:15 PM, Matt Mackall <mpm at selenic.com> wrote:
> >> I believe the patch should also quiesce messages from newer versions
> >> of python where the cert can't be verified:
> >>
> >> @@ -135,7 +137,7 @@
> >>                                         '--insecure to connect insecurely') %
> >>                                       nicefingerprint)
> >>             self.ui.debug('%s certificate successfully verified\n' % host)
> >> -        else:
> >> +        elif reportunverified:
> >>             self.ui.warn(_('warning: %s certificate with fingerprint %s not '
> >>                            'verified (check hostfingerprints or web.cacerts '
> >>                            'config setting)\n') %
> >
> > Ok, that I don't approve of.
> >
> > I will accept a patch that creates an option that silences the "Python
> > too old" messages, but anything beyond that is something that a user or
> > installer can and should fix, not silence.
> 
> Gotcha, I'll revert that bit. As for the option, I'm at a loss for
> something that conveys both issues - the release being too old and the
> fact we are quiescing cert verification. Should report_unverified
> stand? Would report_tooold be better? I'd almost rather keep
> report_unverified and then update the documentation to state that it
> only affects older versions of Python (along with any other warnings
> that folks may want).

I suspect Plan 9 users are self-selected to be smarter and more
detail-oriented than the average developer, who is willfully blind to
both the subtleties of error messages and docs. 

If there's any chance that a sloppy reading of the option description
can result in someone thinking it might silence their pesky SSL error
messages, we'll get thousands of people reporting that it doesn't work.
So both the option name and the description need to be unambiguously
about disabling the "too old" warnings.

Of course, "report_tooold" is its own sort of horror: what mnemonic
tells you if/where to use the "_"? A while ago, I set down the rule on
option naming:

http://markmail.org/message/6zc57jfwnpgpffgq

-- 
Mathematics is the supreme nostalgia of our time.

More information about the Mercurial-devel mailing list