[Wikimedia-l] [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
Pierre-Selim
pierre-selim at huard.info
Wed Aug 21 09:37:35 UTC 2013
First of all, I'm sorry If my tone was not appropriate (keep in mind I'm
not a native speaker).
2013/8/21 Terry Chay <tchay at wikimedia.org>
> On Aug 21, 2013, at 1:39 AM, Pierre-Selim <pierre-selim at huard.info> wrote:
>
> > Just a question: Why imposing HTTPS ? Really, it will be damaging
>
> The reason why is outlined in Ryan's blog post as well as his previous
> post and the Wikipedia entry on https linked from that post.
>
> The short answer is the current state is known to present a number of
> privacy and security vulnerabilities further emphasized by the now-known
> existence of software designed to deliberaty target these vulnerabilities
> in Wikipedia specifically.
>
> https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/
I just think the user should be informed of this and should have the choice
(so the user can make an enlightened choice). And that is mostly my point.
All the explanation you have given are good, and the work of the WMF is
good IMO..
> > Thank you for all the time you spent on this feature, however I'm not
> > convinced at all.
>
> Luckily, the standard for the Movement is consensus, not catering to every
> extremist view with 100% buy-in. The latter standard is impossible as
> people would be affected either way. The technical component is informing
> the decision and helps to hash out some of the details, but this is a case
> where parts of the Vision are being compromised today, and a different
> (hopefully better) compromise is being reached through this rollout.
>
Off course, I was just giving my opinion, I'm one user and do not represent
more than that. We will see how it works out, and I would be happy to owe
you a drink if everything goes smooth.
> Take care,
>
> terry
Thank you for your answer and have a nice roll out.
> >
> >
> > 2013/8/21 Ryan Lane <rlane at wikimedia.org>
> >
> >> On Wed, Aug 21, 2013 at 4:38 AM, Brion Vibber <bvibber at wikimedia.org>
> >> wrote:
> >>
> >>> On Tue, Aug 20, 2013 at 1:33 PM, Nathan <nawrich at gmail.com> wrote:
> >>>
> >>>> Hi, context please?
> >>>
> >>>
> >>> Continuation of this thread from wikitech-l:
> >>
> http://lists.wikimedia.org/pipermail/wikitech-l/2013-August/thread.html#71285
> >>>
> >>>
> >>> tl;dr summary:
> >>> * ops plans to switch logins to HTTPS
> >>> * switching all logins to HTTPS is known to break access for logged-in
> >>> users in countries where Wikimedia's HTTPS servers are blocked by
> >>> government censorship
> >>> * there are some plans to mitigate this by excluding some languages
> from
> >>> the requirement
> >>> * this is controversial for several reasons, one of which is that it
> will
> >>> break access for users in those countries on language projects that are
> >> not
> >>> excepted (eg English Wikipedia in mainland China)
> >> The last point isn't accurate. The original plan was to exempt certain
> >> languages from the login redirection, and those projects would be "home"
> >> wikis. When someone logged-in there, they'd also be logged-in everywhere
> >> else via central auth. The current plan is to disable the HTTPS redirect
> >> using geolocation for countries that have a > 5% error rate for HTTPS
> >> requests.
> >>
> >> This discussion is technical, so I'm going to move back to wikitech-l,
> now.
> >>
> >> - Ryan
> >> _______________________________________________
> >> Wikimedia-l mailing list
> >> Wikimedia-l at lists.wikimedia.org
> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> >> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> >
> >
> >
> > --
> > Pierre-Selim
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>
>
--
Pierre-Selim
More information about the Wikimedia-l
mailing list