Hi all,
On 20/05/14 13:27, Silke Meyer wrote:
Hi again,
Indeed. Assuming WMDE isn't planning on not having any web servers, their existing web server for wikimedia.de can keep redirecting tools.wikimedia.de to toolserver.org. No changes necessary.
So okay, not making any change to the DNS entry is completely okay for me. WMF ops then have to decide about the SSL certificate question.
keeping the domain a CNAME just as is and considering it a deprecated one at the WMF end makes the most sense to me. This way it is just a legacy entry on WMDE side that never has to be touched again except for eventual deletion. And on WMF side it will receive an invalid certificate. So tools will not fail, but give a cert warning which should hopefully trigger fixing URLs at the maintainers' at some point in time. Also this solution does not need any special coordination of certificates, A or MX-records and whatnot.
2cents amette
If WMDE really wants to remove them, they could point that subdomain to WMF servers and have WMF do the redirect and simply don't provide an SSL certificate. E.g. WMF would use a self-signed certificate or an invalid one like the one for wikipedia.org, WMF does this all the time for old or unused domains:
wikipedia.com
wikimediacommons.org
And if we really really want, one could purchase a separate certificate for just tools.wikimedia.org (so that the wildcard one isn't needed) and transfer only that to WMF.
For me, it is important that I don't have to deal with that domain any longer. Simply keeping the CNAME causes on work at all. If you at WMF want to handle the certificate question in the future, you can go ahead. At the Hackathon, I understood that Coren is no fan of such a solution though.
Best, Silke