On Tue, Apr 30, 2013 at 2:59 PM, Matthew Walker mwalker@wikimedia.orgwrote:
We enabled it for about an hour previously (before reverting due to the centralauth bug), and the change was barely noticeable in ganglia.
Do we have numbers on what this did to the number of active editors during that time period? Esp. broken down on a per country basis?
I think I want to agree with Petr -- we should not be forcing SSL always; we should be respecting what the user requested. In that way if it ever becomes enforced by a government that SSL is disallowed users may still contribute to the site. (Remember we block things like Tor so they can't even proxy around it.)
Perhaps we should just make it really obvious on the login page (e.g. big button to login via SSL, small button to not do so.)
I know it's heretical to base what we do on more popular sites, especially the great evil that is facebook, but let's assume they know what they are doing. Visit facebook. Looks to me like it redirects to https even if you specifically ask for http. Nowhere on the page does it give you an option to switch to http. They have twice the number of users as us.
"Do we have numbers?" seems to be the death call of discussions on our lists lately. We have examples we can look at to know what we're doing is sensible.
- Ryan