On Fri, Dec 28, 2012 at 10:58 PM, Jeremy Baron <jeremy(a)tuxmachine.com>wrote;wrote:
On Sat, Dec 29, 2012 at 6:52 AM, bawolff
<bawolff+wn(a)gmail.com> wrote:
On Fri, Dec 28, 2012 at 1:50 PM, Ryan Lane
<rlane32(a)gmail.com> wrote:
> There's no change. We're still waiting on MediaWiki changes to occur
before
> we switch logged-in users to HTTPS by
default.
[...]
Furthermore, what does "making the firefox
search box be https" have
to do with having users log in to secure by default. I suppose we
might not want people to loose their login if they're logged into
insecure and search via firefox with secure login - is that what
you're concerned about, or is it something else?
I was thinking it was just wanting to ramp up load internally first
(where it's really easy and fast to ramp back down if needed) and then
expand to other places when we're more confident.
Turning on HTTPS by default for all logged in users is one of those
ways to ramp up load in a controlled and easily reversible way.