On Wed, Oct 15, 2014 at 3:39 PM, Chris Steipp <[email protected]> wrote: > On Wed, Oct 15, 2014 at 5:32 AM, Antoine Musso <[email protected]> wrote: >> Le 15/10/2014 12:23, Filippo Giunchedi a écrit : >> <snip> >>> I should clarify that the 1.5% figure there is http+https combined (I >>> think) so the actual figures for https will be lower. >>> >>> In practical terms I think no https would mean not being able to edit as >>> a registered user, anon edit still works over http. >>> >>> +1 to clearly communicate this, perhaps on the "https entry points" e.g. >>> login button at least while http is still the default. >> >> That would prevents those users from logging in entirely since by >> default users have the preference 'prefershttps' set. > > Worse, we always require https on the form that accepts the user's > password. So all logins for IE6+XP users will be broken. > > Updating the hook would be possible. Probably better than not turning > off ssl3 to the main sites though. What about just running a banner on > the site for IE <6 users, telling them that ssl is disabled and soon > they won't be able to login at all, we disable ssl3, and we > temporarily put the CanIPUseHTTPS hook in to not force IE <6 users to > https. After 90 days or so, we pull that part out of the hook, and IE6 > users just have to deal with not being able to login?
Given the numbers Christian pointed out, I think the 90 days interval is pretty irrelevant. It is not like those users will rush to upgrade/change to something not being IE6. I'd be delighted if we convinced something like 5% (~200k people if my numbers are right) of those users to do that. That being said, the plan sounds fine to me. -- Alexandros Kosiaris <[email protected]> _______________________________________________ Analytics mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/analytics
