Quick two questions:
1) Was that bug with E:CentralAuth that prevented us from turning on $wgSecureLogin ever fixed? If so, can we attempt another deployment?
2) I noticed something in the signpost:
Walsh told the *Signpost* that while moving to an https default is a goal
the WMF is actively working on, doing so is not "trivial"—it is a delicate process that the WMF plans to enable in graduated steps, from logged-in users to testing on smaller wikis before making it the default for anonymous users and readers on all projects.
Is this at all true? Because from what I've been told on bug reports it seems like turning on HTTPS would indeed be a trivial step and that the operations team has confirmed we can do it at will. I also question the definition of "actively working on". ;)
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Jun 6, 2013 at 6:56 PM, Tyler Romeo tylerromeo@gmail.com wrote:
Quick two questions:
- Was that bug with E:CentralAuth that prevented us from turning on
$wgSecureLogin ever fixed? If so, can we attempt another deployment?
- I noticed something in the signpost:
Walsh told the *Signpost* that while moving to an https default is a goal
the WMF is actively working on, doing so is not "trivial"—it is a
delicate
process that the WMF plans to enable in graduated steps, from logged-in users to testing on smaller wikis before making it the default for anonymous users and readers on all projects.
Is this at all true? Because from what I've been told on bug reports it seems like turning on HTTPS would indeed be a trivial step and that the operations team has confirmed we can do it at will. I also question the definition of "actively working on". ;)
You are misreading. What is being discussed is HTTPS by default for anonymous readers.
- Ryan
On Thu, Jun 6, 2013 at 7:10 PM, Ryan Lane rlane32@gmail.com wrote:
You are misreading. What is being discussed is HTTPS by default for anonymous readers.
Ah yes. I see now.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Jun 6, 2013 at 3:56 PM, Tyler Romeo tylerromeo@gmail.com wrote:
Quick two questions:
- Was that bug with E:CentralAuth that prevented us from turning on
$wgSecureLogin ever fixed? If so, can we attempt another deployment?
Yep, the SUL work that we're doing fixes this. So once the new version of SUL is rolled out, we should be able to turn on $wgSecureLogin again. The only other thing I can image delaying it again would be if the UX people have issues with the lock icons that $wgSecureLogin adds. But that would be a trivial thing to hide.
On Mon, Jun 10, 2013 at 8:09 PM, Chris Steipp csteipp@wikimedia.org wrote:
Yep, the SUL work that we're doing fixes this. So once the new version of SUL is rolled out, we should be able to turn on $wgSecureLogin again. The only other thing I can image delaying it again would be if the UX people have issues with the lock icons that $wgSecureLogin adds. But that would be a trivial thing to hide.
Awesome! Thanks for the update.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
wikitech-l@lists.wikimedia.org