On Sat, Nov 17, 2012 at 9:32 AM, Platonides <[email protected]> wrote: > On 16/11/12 22:04, Brion Vibber wrote: >> Awesome! Another old hack swept away. :D >> >> Do we have a timetable for migrating all login sessions to HTTPS yet? I >> love that we've got a clean HTTPS option available, but it really skeezes >> me out that we still allow logins and passwords over plain HTTP. > > We have self-signed certificates, too... (bug 27291). >
Correction: a self-signed certificate on a portion of our infrastructure we don't want as part of the cluster, where we don't trust our star certificates to live, and where we plan on completely changing how this works, possibly with a different hostname. All of this is mentioned in the bug and none of it has changed. That bug has nothing to do with this discussion. - Ryan _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
