So, if the masses finally decide that we "need" SSL, who's paying for
the security certificate? Or would we have to plan to run without a
properly signed cert?
Of course, the certifiacte would have to be "owned" by someone. Who's
name is going to be on the certificate? Bomis'? That wouldn't make
sense, since we'd have to get a new one when the non-profit is set up.
Whether SSL is a good idea in this situation isn't the issue. Setting
it up properly involves getting some other things done first. IMHO,
Moving forward on SSL at this point would be slightly premature.
Jason
Tomasz Wegrzanowski wrote:
On Mon, Mar 31, 2003 at 01:38:19PM -0600, Lee Daniel
Crocker wrote:
(Tim
Starling <ts4294967296(a)hotmail.com>)m>):
If we really want to be serious about security we'll have to use
ssl for login, but I don't know how to do that.
That's entirely too paranoid. Frankly, I don't see much need
for high security of Wikipedia logins. It's not like we're
storing medical records. (Oh my God! My neighbor might find
out that I like the "Nostalgia" skin!) The only real risk is
that someone might log in as me and make edits in my name, but
then I'd just disavow them and change my password.
We should make it an option to login via SSL at least for sysops.
It's pretty dangerous to send sysop passwords unencrypted.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikipedia.org
http://www.wikipedia.org/mailman/listinfo/wikitech-l
--
"Jason C. Richey" <jasonr(a)bomis.com>