https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Bryan Davis bda...@wikimedia.org changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Bryan Davis bda...@wikimedia.org changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #94 from Bryan Davis bda...@wikimedia.org ---
(In reply to Matthew Flaschen from comment #93)
If cost is the issue, did we consider setting up our own certificate
authority (chained to an existing root)? It's an upfront cost, but
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Greg Grossmeier g...@wikimedia.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
se4598 se4...@se4598.eu changed:
What|Removed |Added
Status|RESOLVED|REOPENED
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #93 from Matthew Flaschen mflasc...@wikimedia.org ---
I can think of three significant problems with self-signed certificates:
1. It trains people to ignore SSL warnings, which means they ignore them when
it's a legit problem.
2.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Antoine hashar Musso has...@free.fr changed:
What|Removed |Added
Blocks||63538
--
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #86 from Antoine hashar Musso has...@free.fr ---
The beta cluster has for Varnish instances with a Nginx HTTPS proxy installed.
Nginx refuses to start because the star.wmflabs.org certificate is invalid:
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Daniel Zahn dz...@wikimedia.org changed:
What|Removed |Added
CC||dz...@wikimedia.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #88 from Daniel Zahn dz...@wikimedia.org ---
for *.wmflabs.org, the self-signed cert has recently been replaced with one
from RapidSSL , at first the chained file, which is created by puppet was
wrong, the above changes should have
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #89 from Daniel Zahn dz...@wikimedia.org ---
(In reply to Antoine hashar Musso from comment #86)
star.wmflabs.org would cover the entries:
bits.beta.wmflabs.org
upload.beta.wmflabs.org
wikidata.beta.wmflabs.org
I'm afraid it
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #90 from Antoine hashar Musso has...@free.fr ---
I'm afraid it can't and *.wmflabs.org is not *.beta.wmflabs.org (only one
level of wildcard possible). But ask RobH to make sure.
Ah indeed my bad. Sorry :-]
--
You are
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #85 from Matthew Flaschen mflasc...@wikimedia.org ---
(In reply to Greg Grossmeier from comment #84)
* Setup was(is?) annoying because of the lack of easy way to secure these
private certs from other non-WMF root labs users.
I
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Greg Grossmeier g...@wikimedia.org changed:
What|Removed |Added
Priority|Highest |Normal
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Marc A. Pelletier m...@uberbox.org changed:
What|Removed |Added
CC||m...@uberbox.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #77 from Greg Grossmeier g...@wikimedia.org ---
login.wikipedia.beta.wmflabs.org
meta.wikipedia.beta.wmflabs.org
en.wikipedia.beta.wmflabs.org
bits.beta.wmflabs.org
upload.beta.wmflabs.org (for some icons on meta/login)
That's all
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Kunal Mehta (Legoktm) legoktm.wikipe...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #79 from Chris McMahon cmcma...@wikimedia.org ---
http://commons.wikimedia.beta.wmflabs.org/ is important
--
You are receiving this mail because:
You are on the CC list for the bug.
___
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #80 from Greg Grossmeier g...@wikimedia.org ---
(In reply to Kunal Mehta (Legoktm) from comment #78)
http://meta.wikimedia.beta.wmflabs.org/wiki/Special:SiteMatrix is the full
list.
For the avoidance of doubt: we're not doing
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #81 from Marc A. Pelletier m...@uberbox.org ---
Yeah, we can't do all; we can't even reasonably all the necessary wildcards to
cover the whole matrix.
I have six now; any more?
--
You are receiving this mail because:
You are on
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #82 from Kunal Mehta (Legoktm) legoktm.wikipe...@gmail.com ---
(In reply to Greg Grossmeier from comment #80)
For the avoidance of doubt: we're not doing them all, just a subset. SSL
certs are a racket and expensive.
Oh,
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #83 from Chris Steipp cste...@wikimedia.org ---
wikidata.beta.wmflabs.org might be nice, since I know a few gadgets go cross
domain to it.
I think the dewiki community also wanted to have de.wikipedia.beta.wmflabs.org,
but unless
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #74 from Chris McMahon cmcma...@wikimedia.org ---
We have stopped running browser tests over https.
I think we still want SSL for labs, but I don't know of anyone actively working
on that right now.
--
You are receiving this
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #75 from Chris Steipp cste...@wikimedia.org ---
I think we do want it, on a limited set of subdomains to keep the cost down.
Beta's:
- loginwiki (so we can check SUL interactions)
- metawiki (so OAuth works correctly and securely)
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #71 from Andre Klapper aklap...@wikimedia.org ---
Greg and RobLa: RT ticket states you wanted to discuss how to proceed here.
Any updates (or should this not be highest priority)?
--
You are receiving this mail because:
You are on
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #72 from Antoine hashar Musso has...@free.fr ---
Still highest priority. We want to get that done while I am in SF, hopefully
this afternoon (PST time).
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #73 from Antoine hashar Musso has...@free.fr ---
(In reply to comment #72)
Still highest priority. We want to get that done while I am in SF, hopefully
this afternoon (PST time).
Sorry, was referring to another bug :-/
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #70 from Krinkle krinklem...@gmail.com ---
Would it be an option to flatten our subdomains?
We'd only need beta.wmflabs.org and *.beta.wmflabs.org to be in the certificate
(at e.g. DigiCert, those wildcards are $1425 for 3 years
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #69 from Andre Klapper aklap...@wikimedia.org ---
Reason in comment 16 is past (testing of new default HTTPS access), but warning
message in Selenium probably still justifies highest prio? (for four months
now)
(In reply to comment
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #68 from Antoine hashar Musso has...@free.fr ---
Buying certs is pending approval according to RobH a few days ago. The related
ticket is https://rt.wikimedia.org/Ticket/Display.html?id=6116
--
You are receiving this mail
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #67 from Antoine hashar Musso has...@free.fr ---
I have cleaned up permissions on the deployment-prep labs project (ie: beta
cluster).
The project admins are now limited to people from the Wikimedia ops and mw-core
teams.
Root
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #66 from Ryan Kaldari rkald...@wikimedia.org ---
1. Remove projectadmin permissions from volunteers
I also just removed TheDJ since he didn't have an NDA on file and he didn't
respond to my email asking if he wanted to sign one.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Greg Grossmeier g...@wikimedia.org changed:
What|Removed |Added
Summary|[OPS] beta: Get SSL |beta: Get SSL
33 matches
Mail list logo