- This page is not intended to serve as an "article" about HTTPS Everywhere; it is just a scratch pad of TODOs. For specific feature requests, see /feature.
Issues needing discussion
Bug trackers
- A developer filed bmo:878890 to mean"Give HTTPS Everywhere a chance to secure as much as possible before blocking mixed content"; what relationship should it have with bmo:815329?
- [[torbug:8958]] mentions bmo:644640; should it be more specifically bmo:628312? (I didn't read carefully enough; what said developer wants is possibly a dependency between the two bugs, per "I'm not sure if this has any bearing on this particular patch, since we were hoping to get this extension API via #644640." in bmo:628312#c25)
- Should someone make a tracking bug on Mozilla Bugzilla for bugs related to HTTPS Everywhere (Component: Extension Compatibility; Keywords: addon-compat)?
- Should we define a whiteboard tag "[mcb-has-httpse-ruleset]" to be used in the dependencies of bmo:844556? (Any such bug that itself depends on bmo:776278 should probably have that dependency changed to bmo:878890, until we decide what to do with bmo:776278...)
On terms of service of websites
[[torbug:9287]] expresses a concern that accessing a site solely for the purpose of developing a ruleset, without the intent to become a routine user of the site, may violate the TOS of the site. (Pay attention to the word "database" in the example TOSes given there.) I personally think this isn't such a big deal, in that it's essentially a form of bit color. I think the TOS concern lies more with the end user who has HTTPS Everywhere installed and the ruleset enabled, and also that CDNs are a potential concern for both development and end-use (see talk)
Categories: Computer security