The current rss.js code always embeds non-SSL (http:) links in the feed data. This is not a good thing because in typical acralyzer installations, access to the bug reports requires transmitting the CouchDB administrator login/password over the wire. Also, crash reports may contain sensitive user data.

I experimented with adding SSL autodetection to rss.js, but encountered the following limitations:

• The Netscape RSS 0.91 spec discourages (if not disallows) protocols other than http: and ftp:.
• RSS does not support relative URLs at all.
• CouchDB does not seem to give us an indication of whether SSL was used to access the current document, so we would have to "guess" (or maybe put it in a configuration file somewhere).

All three problems can be addressed by using Atom instead, and specifying relative URLs in the feed. So I am submitting atom.js, accessed via https://HOST/acra-PROJECT/_design/acra-storage/_list/atom/recent-items?descending=true. i.e. just replace "rss" with "atom" in the URL.

The output from this code passes the w3c.org feed validator. There is one non-fatal warning regarding the use of relative URLs in the "self" link, which is allowed but discouraged.

atom.js incorporates @halkeye's pending fixes from bug #10.

See here for background discussion on the CouchDB list; there are additional posts in the thread.