On Fri, Nov 16, 2012 at 2:50 PM, Ryan Lane rlane32@gmail.com wrote:
Awesome! Another old hack swept away. :D
Do we have a timetable for migrating all login sessions to HTTPS yet? I love that we've got a clean HTTPS option available, but it really skeezes me out that we still allow logins and passwords over plain HTTP.
We're waiting on some MediaWiki development work for this. I think Chris Steipp and Roan Kattouw would probably know more.
I've been swamped with a few other projects recently, but once they settle down, we're very close to getting all logins going over https. I think we should be able to enable the preference by 1.21wmf5 or wmf6.