On 23 August 2013 19:40, Marc A. Pelletier marc@uberbox.org wrote:
On 08/23/2013 07:35 PM, Marc A. Pelletier wrote:
Would you care to share with whom that offline discussion is happening?
... and, more importantly, /why/ is that discussion taking place offline in the first place?
As you and others may realise by now, I'm possibly the least technically knowledgeable person who comments on this list. There's a limit as to how often I feel the need to expose my limited knowledge to the immortal glare of this mailing list. I had some questions which I sent to Chris Stiepp (with whom I have worked in the past) and James Alexander (who is working with Chris on reviewing technical and other processes related to advanced permissions). Seems my thoughts weren't completely stupid, and I've been advised they're being discussed further internally at WMF. I have no reason to doubt that is true, and from the first post in this thread it is clear that Chris is actively involved in the entire HTTPS/ secure login action plan.
It's a big Engineering Department, so I wouldn't expect that everyone knows what everyone else is doing all the time; nor would I expect that every discussion about security issues and solutions would necessarily take place on this mailing list, or even on a public mailing list.
Risker