On Fri, Dec 28, 2012 at 10:58 PM, Jeremy Baron jeremy@tuxmachine.comwrote:
On Sat, Dec 29, 2012 at 6:52 AM, bawolff bawolff+wn@gmail.com wrote:
On Fri, Dec 28, 2012 at 1:50 PM, Ryan Lane rlane32@gmail.com wrote:
There's no change. We're still waiting on MediaWiki changes to occur
before
we switch logged-in users to HTTPS by default.
[...]
Furthermore, what does "making the firefox search box be https" have to do with having users log in to secure by default. I suppose we might not want people to loose their login if they're logged into insecure and search via firefox with secure login - is that what you're concerned about, or is it something else?
I was thinking it was just wanting to ramp up load internally first (where it's really easy and fast to ramp back down if needed) and then expand to other places when we're more confident.
Turning on HTTPS by default for all logged in users is one of those ways to ramp up load in a controlled and easily reversible way.
This.
- Ryan