On 29 May 2015 at 09:14, John Mark Vandenberg jayvdb@gmail.com wrote:
- no https
(not nice - that means test accounts must be created and accessed using passwords that are sent in essentially cleartext - so sharing passwords with the same account name on the real wikis is a security risk)
It's risky anyway, do you know who has access to the beta cluster? It's not considered secure and you do not need any NDA or anything to get access - if you are using a real password on beta, change it. It's in labs. https://phabricator.wikimedia.org/T50501 is about HTTPS on beta.
- no SUL with the real wikis
(probably the best choice given no https on the beta cluster, but it complicates adding beta wiki to our existing Travis-CI test matrix which includes real wikis)
Beta cluster will never get access to CentralAuth passwords in production. Maybe via OpenID or something, but not proper SUL with production wikis.