Just curious -- what's the state of forcing HTTPS for all user sessions? It's simple common sense at this point to protect all our users from session hijacking on local networks or MITM attacks.
I see some Gerrit activity on adding "preferences" or special groups for HTTPS, which seems a horrid practice when we could just protect everyone... -- brion _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
