On Thu, Jun 6, 2013 at 6:56 PM, Tyler Romeo tylerromeo@gmail.com wrote:
Quick two questions:
- Was that bug with E:CentralAuth that prevented us from turning on
$wgSecureLogin ever fixed? If so, can we attempt another deployment?
- I noticed something in the signpost:
Walsh told the *Signpost* that while moving to an https default is a goal
the WMF is actively working on, doing so is not "trivial"—it is a
delicate
process that the WMF plans to enable in graduated steps, from logged-in users to testing on smaller wikis before making it the default for anonymous users and readers on all projects.
Is this at all true? Because from what I've been told on bug reports it seems like turning on HTTPS would indeed be a trivial step and that the operations team has confirmed we can do it at will. I also question the definition of "actively working on". ;)
You are misreading. What is being discussed is HTTPS by default for anonymous readers.
- Ryan