Hi Mark, I think Mozilla's position is reasonable since if you allow this sort of thing to remain possible, nobody will fix anything. Broken software will ship with instructions for the users to "just make an exception".
Would it be feasible to put a proxy in front of the HTTP-only service, that consumes HTTP on its backend and exposes HTTPS on its frontend? That way, the burden is on the administrator rather than the end-user, which is probably a fairer division of labour. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
