On 23 August 2013 23:31, Risker <risker.wp(a)gmail.com> wrote:
There are other options. The question is whether or
not they can be made to
work in the MediaWiki/WMF circumstances. If you looked at the data
collected to see where HTTPS attempts were unsuccessful, you'd see that
there are editors in a lot of countries with issues (i.e., greater than 5%
failure rates), and most of them are technical issues. Suddenly you're not
just talking about a few projects, you're talking about dozens who may have
difficulty getting CU/OS support internally.
That doesn't change the security consideration.
The people in our many overlapping MediaWiki and
Wikimedia communities have
come up with a lot of very creative solutions to problems that other sites
haven't figured out or don't care enough to bother with. I have a lot of
faith that some out of the box thinking might very well resolve this
specific issue, and possibly open a gateway to solving the security issue
for even larger groups.
And until then, it actually needs to be HTTPS-only. I'm horrified it
isn't already.
- d.