On Wed, Jul 31, 2013 at 11:40 AM, Tyler Romeo <tylerro...@gmail.com> wrote: > Good question. > > There are two steps to this: > 1) Move all logins to TLS > 2) Move all logged in users to TLS
3) Serve all traffic via HTTPS 4) With PFS and long HSTS timeouts > > The former was dependent on a bug with E:CentralAuth that was causing > $wgSecureLogin to malfunction. I am not sure whether this bug was ever > fixed (I remember seeing Chris submit a patch for it, but I think it was > abandoned). The bug has been fixes as part of the new SUL code. Yay! > > Also, the discussion on https://bugzilla.wikimedia.org/show_bug.cgi?id=52283 > is > probably a blocker for enabled $wgSecureLogin (which would be a > pre-requisite for either of the two above steps). As a few people noticed, we actually threw the switch on wgSecureLogin yesterday, at which point the UX people felt that experience wasn't ready, and it was reverted. This bug was one of the issues identified, where they felt the UX would actually harm the editor experience. We also have some scaling concerns, so ops is also working on making sure we have enough capacity on hand to handle major spikes after we enable this. Hopefully we'll tie up all the loose ends in the near future, and can try getting to step #1 again. > > > *-- * > *Tyler Romeo* > Stevens Institute of Technology, Class of 2016 > Major in Computer Science > www.whizkidztech.com | tylerro...@gmail.com > > > On Wed, Jul 31, 2013 at 2:36 PM, David Gerard <dger...@gmail.com> wrote: > >> Jimmy just tweeted this: >> >> https://twitter.com/jimmy_wales/status/362626509648834560 >> >> I think that's the first time I've seen him say "fuck" in a public >> communication ... >> >> Anyway, I expect people will ask us how the move to all-SSL is >> progressing. So, how is it going? >> >> (I've been telling people it's slowly moving along, we totally want >> this, it's just technical resources. But more details would be most >> useful!) >> >> >> - d. >> >> _______________________________________________ >> Wikitech-l mailing list >> Wikitech-l@lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
