On Sat, Nov 17, 2012 at 9:32 AM, Platonides Platonides@gmail.com wrote:
On 16/11/12 22:04, Brion Vibber wrote:
Awesome! Another old hack swept away. :D
Do we have a timetable for migrating all login sessions to HTTPS yet? I love that we've got a clean HTTPS option available, but it really skeezes me out that we still allow logins and passwords over plain HTTP.
We have self-signed certificates, too... (bug 27291).
Correction: a self-signed certificate on a portion of our infrastructure we don't want as part of the cluster, where we don't trust our star certificates to live, and where we plan on completely changing how this works, possibly with a different hostname. All of this is mentioned in the bug and none of it has changed. That bug has nothing to do with this discussion.
- Ryan