https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #56 from Ryan Kaldari rkald...@wikimedia.org ---
No I don't. It currently redirect to HTTPS for me in Safari and fails to load
completely in Firefox.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Jon jrob...@wikimedia.org changed:
What|Removed |Added
CC||jrob...@wikimedia.org
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #58 from Ryan Lane rlan...@gmail.com ---
If MobileFrontend doesn't work without HTTPS it's broken. That's a different
bug, though.
Anyway, this isn't blocked on ops. In comment 46 I listed the steps that need
to be taken, and they
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #59 from Max Semenik maxsem.w...@gmail.com ---
Well, disabling secure login is easy - much better to have a couple of tests
failing than not be able to run them at all.
--
You are receiving this mail because:
You are on the CC
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #60 from Chris Steipp cste...@wikimedia.org ---
Secure login is disabled
--
You are receiving this mail because:
You are on the CC list for the bug.
___
Wikibugs-l mailing list
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #62 from Max Semenik maxsem.w...@gmail.com ---
(In reply to comment #46)
2. Clean up sudo policies to disallow root on varnish systems (that will have
real certs)
I assume this means that non-admins should not have sudo on these
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #63 from Greg Grossmeier g...@wikimedia.org ---
unassigning from Ryan to reflect reality.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
Wikibugs-l
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #61 from Greg Grossmeier g...@wikimedia.org ---
(In reply to comment #58)
Anyway, this isn't blocked on ops. In comment 46 I listed the steps that need
to be taken, and they can be taken by anyone that has projectadmin in
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Rob Halsell rhals...@wikimedia.org changed:
What|Removed |Added
Assignee|rlan...@gmail.com
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Rob Halsell rhals...@wikimedia.org changed:
What|Removed |Added
Assignee|rhals...@wikimedia.org |rlan...@gmail.com
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #64 from Rob Halsell rhals...@wikimedia.org ---
So I took the bug thinking the cert was blocking everything, however that is
not the case.
I will handle the purchase of the certificate, but I am not claiming any
ownership over any
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Rob Halsell rhals...@wikimedia.org changed:
What|Removed |Added
Assignee|rlan...@gmail.com |g...@wikimedia.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #54 from Ryan Kaldari rkald...@wikimedia.org ---
Any progress on this? It's been 2 weeks and we still can't do acceptance
testing on beta labs.
And no we can't not use https:
http://en.m.wikipedia.beta.wmflabs.org/wiki/Main_Page
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #55 from Matthew Flaschen mflasc...@wikimedia.org ---
(In reply to comment #54)
Although I have no idea why the HTTP version doesn't load.
It does for me, both in browsers and using curl. Is it possible you have HTTPS
Everywhere
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Krinkle krinklem...@gmail.com changed:
What|Removed |Added
CC||krinklem...@gmail.com
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Ryan Kaldari rkald...@wikimedia.org changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #50 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #49)
Currently getting a cert warning when trying to go to:
https://deployment.wikimedia.beta.wmflabs.org/
This is breaking our automation tests for mobile.
Heh. Did
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #51 from Ryan Kaldari rkald...@wikimedia.org ---
I guess the first part of my comment is redundant with what you already know.
Mostly, I wanted to convey that our automation testing is broken, in case that
affects prioritizing.
--
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #52 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #51)
I guess the first part of my comment is redundant with what you already know.
Mostly, I wanted to convey that our automation testing is broken, in case
that
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #53 from Chris McMahon cmcma...@wikimedia.org ---
Should be Real Soon Now: https://bugzilla.wikimedia.org/show_bug.cgi?id=55804
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #46 from Ryan Lane rlan...@gmail.com ---
Summary of IRC conversation:
1. Remove projectadmin permissions from volunteers
2. Clean up sudo policies to disallow root on varnish systems (that will have
real certs)
3. Buy * certs
Any
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Aude aude.w...@gmail.com changed:
What|Removed |Added
CC||aude.w...@gmail.com
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #48 from Ryan Lane rlan...@gmail.com ---
It's going to be an all-inclusive * cert for beta.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
Wikibugs-l
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #45 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 87045 merged by jenkins-bot:
Labs: Turn off secure login on loginwiki due to untrusted SSL
https://gerrit.wikimedia.org/r/87045
--
You are receiving this mail
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #37 from Antoine hashar Musso has...@free.fr ---
Calm down, what we need is to use the 'Labs CA' certificate authority to
generate all the certificates we need, then add that authority as a trusted one
in the browsers.
I would do
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Gerrit Notification Bot gerritad...@wikimedia.org changed:
What|Removed |Added
Status|NEW
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #38 from Gerrit Notification Bot gerritad...@wikimedia.org ---
Change 87045 had a related patch set uploaded by Mattflaschen:
Labs: Turn off secure login on loginwiki due to untrusted SSL
https://gerrit.wikimedia.org/r/87045
--
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Matthew Flaschen mflasc...@wikimedia.org changed:
What|Removed |Added
Status|PATCH_TO_REVIEW |NEW
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #40 from Ryan Lane rlan...@gmail.com ---
Has anyone considered creating a CA
(http://pages.cs.wisc.edu/~zmiller/ca-howto/), generating a * cert, and adding
that certificate to the browser's trust? Is that a possibility using the
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Yuvi Panda yuvipa...@gmail.com changed:
What|Removed |Added
CC||yuvipa...@gmail.com
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #42 from Chris McMahon cmcma...@wikimedia.org ---
(In reply to comment #40)
I'm still not opposed to getting a proper cert, but that requires some
infrastructure and permissions changes in deployment-prep...
Since we've been
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #43 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #41)
(In reply to comment #29)
There's also the option which had been discussed before: make a new labs
project whose sole purpose would be to do SSL termination and
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #44 from Ryan Lane rlan...@gmail.com ---
(In reply to comment #42)
(In reply to comment #40)
I'm still not opposed to getting a proper cert, but that requires some
infrastructure and permissions changes in deployment-prep...
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #34 from Chris McMahon cmcma...@wikimedia.org ---
Yes. Using beta continues to be a hassle, and in the near future the SSL issue
is going to be a big problem.
--
You are receiving this mail because:
You are on the CC list for the
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
James Forrester jforres...@wikimedia.org changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #36 from Chris McMahon cmcma...@wikimedia.org ---
(In reply to comment #35)
(In reply to comment #33)
(In reply to comment #32)
(In reply to comment #19)
For those playing along at home: The Beta Cluster currently does not
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Matthew Flaschen mflasc...@wikimedia.org changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #33 from Matthew Flaschen mflasc...@wikimedia.org ---
(In reply to comment #32)
(In reply to comment #19)
For those playing along at home: The Beta Cluster currently does not have
https by default turned on for this very reason
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #31 from Chris McMahon cmcma...@wikimedia.org ---
Bumping this with a note that this affects our ability to run automated tests
with IE10 only. (Demo on request) Other versions of IE seem to be OK with the
current situation on
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
See Also|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Rob Lanphier ro...@wikimedia.org changed:
What|Removed |Added
CC||ro...@wikimedia.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #19 from Greg Grossmeier g...@wikimedia.org ---
For those playing along at home: The Beta Cluster currently does not have https
by default turned on for this very reason (it broke browser tests).
--
You are receiving this mail
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #20 from Chris McMahon cmcma...@wikimedia.org ---
Mostly it makes using beta labs manually a real hassle.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #21 from Ryan Lane rlan...@gmail.com ---
Is it not possible to disable certificate checking on the automated browser
tests until we get a proper certificate? I remember this being possible years
ago when I built a selenium
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #22 from Chris McMahon cmcma...@wikimedia.org ---
The automated tests were OK I think with maybe some small exceptions. The
hassle was having to visit all the hosts (e.g. bits) in your browser in order
to use any beta wikis.
--
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #23 from Antoine hashar Musso has...@free.fr ---
My original requests was to generate certificates for the beta wildcards
domains using the 'Labs CA' certificate authority. By adding that authority
certificate in the browser (or
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #24 from Rob Lanphier ro...@wikimedia.org ---
Ryan, it's possible to work around the problem, but the issue is that, for
manual testing, it's too easy to blame the SSL problem for things that might be
totally unrelated. Let's
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #25 from Ryan Lane rlan...@gmail.com ---
Understandable for manual testing. I just wanted to make sure the automated
tests weren't actually blocked, since there's ways to relatively easily
workaround the issue.
As I've mentioned in
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #26 from Antoine hashar Musso has...@free.fr ---
(In reply to comment #25)
In the future Yuvi's proxy will handle load balancing, HTTPS and such.
We'll able to drop the NDA requirement (and the SSL cert) once we have that.
I dont
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #27 from Ryan Lane rlan...@gmail.com ---
Ah. Indeed. Well, let's treat deployment-prep like tools and require NDAs for
all roots...
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #28 from Alex Monk kren...@gmail.com ---
(In reply to comment #25)
As I've mentioned in the past, I'm totally fine with getting an SSL cert for
beta, assuming we ensure every project member in deployment-prep has a signed
NDA.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #29 from jeremyb bugzilla+org.wikime...@tuxmachine.com ---
There's also the option which had been discussed before: make a new labs
project whose sole purpose would be to do SSL termination and would then relay
to varnish.
Then
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #30 from Ryan Lane rlan...@gmail.com ---
Hm. That isn't a bad idea. If we were to do that, I'd want to move the ssl
terminators and the caching layer there, and strip private IP info at that
layer. Then we can change beta's privacy
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Bartosz Dziewoński matma@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Bartosz Dziewoński matma@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Niklas Laxström niklas.laxst...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Nemo federicol...@tiscali.it changed:
What|Removed |Added
Priority|Normal |Highest
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #17 from Platonides platoni...@gmail.com ---
There's no interface with firefox, either. The workaround is to manually go to
https://bits.beta.wmflabs.org/ and accept the certificate there.
--
You are receiving this mail because:
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #12 from Greg Grossmeier g...@wikimedia.org ---
*** Bug 53113 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Greg Grossmeier g...@wikimedia.org changed:
What|Removed |Added
Priority|Low |Normal
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Nik Everett neverett+bugzi...@wikimedia.org changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Chris McMahon cmcma...@wikimedia.org changed:
What|Removed |Added
Blocks||51494
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #7 from Alex Monk kren...@gmail.com ---
The other browsers don't like it either. Why is IE so special to you?
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #8 from Chris McMahon cmcma...@wikimedia.org ---
in the configurations we're using, other browsers don't require an automated
test to negotiate a warning screen, see the screen shot on Bug 52121
--
You are receiving this mail
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Alex Monk kren...@gmail.com changed:
What|Removed |Added
CC||cste...@wikimedia.org
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
--- Comment #5 from Antoine hashar Musso has...@free.fr ---
*** Bug 52121 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Antoine hashar Musso has...@free.fr changed:
What|Removed |Added
Blocks|51622 |51580
---
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Antoine hashar Musso has...@free.fr changed:
What|Removed |Added
Blocks||51622
--
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Antoine hashar Musso has...@free.fr changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=48501
Antoine hashar Musso has...@free.fr changed:
What|Removed |Added
Keywords||ops
70 matches
Mail list logo