On 29 May 2015 at 09:14, John Mark Vandenberg <[email protected]> wrote:
> - no https > > (not nice - that means test accounts must be created and accessed > using passwords that are sent in essentially cleartext - so sharing > passwords with the same account name on the real wikis is a security > risk) > It's risky anyway, do you know who has access to the beta cluster? It's not considered secure and you do not need any NDA or anything to get access - if you are using a real password on beta, change it. It's in labs. https://phabricator.wikimedia.org/T50501 is about HTTPS on beta. > - no SUL with the real wikis > > (probably the best choice given no https on the beta cluster, but it > complicates adding beta wiki to our existing Travis-CI test matrix > which includes real wikis) Beta cluster will never get access to CentralAuth passwords in production. Maybe via OpenID or something, but not proper SUL with production wikis. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
