On Sat, Nov 17, 2012 at 9:32 AM, Platonides <Platonides(a)gmail.com> wrote:
On 16/11/12 22:04, Brion Vibber wrote:
Awesome! Another old hack swept away. :D
Do we have a timetable for migrating all login sessions to HTTPS yet? I
love that we've got a clean HTTPS option available, but it really skeezes
me out that we still allow logins and passwords over plain HTTP.
We have self-signed certificates, too... (bug 27291).
Correction: a self-signed certificate on a portion of our
infrastructure we don't want as part of the cluster, where we don't
trust our star certificates to live, and where we plan on completely
changing how this works, possibly with a different hostname. All of
this is mentioned in the bug and none of it has changed. That bug has
nothing to do with this discussion.