On 23 August 2013 23:31, Risker risker.wp@gmail.com wrote:
There are other options. The question is whether or not they can be made to work in the MediaWiki/WMF circumstances. If you looked at the data collected to see where HTTPS attempts were unsuccessful, you'd see that there are editors in a lot of countries with issues (i.e., greater than 5% failure rates), and most of them are technical issues. Suddenly you're not just talking about a few projects, you're talking about dozens who may have difficulty getting CU/OS support internally.
That doesn't change the security consideration.
The people in our many overlapping MediaWiki and Wikimedia communities have come up with a lot of very creative solutions to problems that other sites haven't figured out or don't care enough to bother with. I have a lot of faith that some out of the box thinking might very well resolve this specific issue, and possibly open a gateway to solving the security issue for even larger groups.
And until then, it actually needs to be HTTPS-only. I'm horrified it isn't already.
- d.