---------- Forwarded message ---------- From: Rob Lanphier robla@wikimedia.org Date: Wed, Aug 21, 2013 at 10:56 AM Subject: HTTPS for logged in users delayed. New date: August 28 To: Wikimedia developers wikitech-l@lists.wikimedia.org
Hi everyone,
After assessing the current readiness (or lack thereof) of our HTTPS code, we've decided to postpone the deployment for a week. We have a number of things that we'd like to get cleaner resolution on:
* Use of GeoIP vs enabling on per wiki basis * Use of a preference vs login form checkbox vs hidden option vs sensible default * How interactions with login.wikimedia.org will work * Validation of our HTTPS test methodology
The new plan is to deploy on Wednesday, August 28 between 20:00 UTC and 23:00 UTC. Prior to that, we plan on having a very limited deployment to our test wikis, and we're also planning to deploy to mediawiki.org. Assuming this is sorted out and we have made our test deployments by end of day Monday, August 26, we should have time to validate our assumptions and give people time to see the new system in action.
More info is (or will be) available here: https://meta.wikimedia.org/wiki/HTTPS (or here if you prefer: http://meta.wikimedia.org/wiki/HTTPS )
Thanks everyone for your patience.
Rob
Thanks for the update Rob. I have a couple questions...
On Wed, Aug 21, 2013 at 11:30 AM, Rob Lanphier robla@wikimedia.org wrote:
- Use of GeoIP vs enabling on per wiki basis
Do we really think that we're going to be able to whip out GeoIP targeting as alternative in a week?
* Use of a preference vs login form checkbox vs hidden option vs
sensible default
Are we considering putting a checkbox back on login? I think any of the other options are reasonable, but it seemed pretty clear that everyone agreed this was a bad idea (not to mention something few other sites with SSL support do).
Hi Steven,
Thanks for talking with us earlier today. Responses (and brief notes on our conversation) below:
On Wed, Aug 21, 2013 at 1:59 PM, Steven Walling swalling@wikimedia.org wrote:
Thanks for the update Rob. I have a couple questions...
On Wed, Aug 21, 2013 at 11:30 AM, Rob Lanphier robla@wikimedia.org wrote:
- Use of GeoIP vs enabling on per wiki basis
Do we really think that we're going to be able to whip out GeoIP targeting as alternative in a week?
Tim did this work already. Needs testing, obviously, but the patches are here: https://gerrit.wikimedia.org/r/#/c/80166/ https://gerrit.wikimedia.org/r/#/c/80175/
- Use of a preference vs login form checkbox vs hidden option vs
sensible default
Are we considering putting a checkbox back on login? I think any of the other options are reasonable, but it seemed pretty clear that everyone agreed this was a bad idea (not to mention something few other sites with SSL support do).
Yeah, per our conversation, I think the two major contenders are deep hidden preference and no preference at all. We're going to do the work to make the preference work (since the code is there and just needs a little debugging), and then we can collectively resolve just how hard to find the preference should be :-)
Rob
wikitech-ambassadors@lists.wikimedia.org