RFC: MediaWiki HTTPS policy
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	• csteipp
	Nov 26 2014, 1:12 AM

Description

https://www.mediawiki.org/wiki/Requests_for_comment/MediaWiki_HTTPS_policy

Related Objects

Mentioned In: E198: RFC Meeting: Security is all of our jobs (2016-06-01, #wikimedia-office)
E187: RFC Meeting: triage meeting (2016-05-25, #wikimedia-office)

Event Timeline

• csteipp created this task.Nov 26 2014, 1:12 AM

• csteipp claimed this task.

• csteipp raised the priority of this task from to Medium.

• csteipp updated the task description. (Show Details)

• csteipp added projects: TechCom-RFC, MediaWiki-Core-Team.

• csteipp changed Security from none to None.

• csteipp moved this task from Backlog to In Dev/Progress on the MediaWiki-Core-Team board.

• csteipp subscribed.

Krenair subscribed.Nov 26 2014, 1:17 AM

This RfC is being discussed today. Details: https://lists.wikimedia.org/pipermail/wikitech-l/2014-November/079629.html

Aklapper added a project: HTTPS.Jan 27 2015, 11:14 PM

Aklapper subscribed.

• csteipp moved this task from In Dev/Progress to Backlog on the MediaWiki-Core-Team board.Feb 2 2015, 10:04 PM

JanZerebecki subscribed.Feb 5 2015, 1:30 PM

Liuxinyu970226 subscribed.Feb 26 2015, 2:56 AM

This comment has been deleted.

ArchiCom meeting:

@csteipp , can you update the RFC (see the 2014-11-26 RfC meetbot discussion)

• Spage moved this task from P1: Define to Old on the TechCom-RFC board.Mar 4 2015, 8:41 PM

The current RFC states that Wikipedia Zero partners often disallow HTTPS. I'm wondering how we can address that.

Ignore it. Wikimedia can put a fork in production if they feel it necessary.

But from the Wikimedia side, a good start would be to stop agreeing to allow HTTPS blocking.

hashar unsubscribed.Mar 23 2015, 11:53 AM

The current RFC states that Wikipedia Zero partners often disallow HTTPS. I'm wondering how we can address that.

It's hard to imagine that this is going to be a sustainable policy for long, if it even is today. Wikipedia's transition only contributes to that, and as major media sites transition over the next year, it's only going to become a more and more difficult posture for any organization to take.

bd808 edited projects, added Security-Team; removed MediaWiki-Core-Team.Apr 8 2015, 9:46 PM

This seems to be more about MediaWiki software than Wikimedia ops, but note that since Wikimedia has switched fully to HTTPS, there are no longer Wikimedia concerns about this (including e.g Zero).

Nemo_bis added a project: MediaWiki-Configuration.Nov 26 2015, 3:12 PM

Dzahn moved this task from Backlog to Big Picture on the HTTPS board.Dec 4 2015, 8:43 PM

Aklapper added a project: Traffic.Feb 23 2016, 6:13 PM

Restricted Application added a project: SRE. · View Herald TranscriptFeb 23 2016, 6:13 PM

Danny_B added a project: Proposal.May 22 2016, 11:25 PM

• RobLa-WMF mentioned this in E187: RFC Meeting: triage meeting (2016-05-25, #wikimedia-office).May 25 2016, 7:03 AM

• RobLa-WMF mentioned this in E198: RFC Meeting: Security is all of our jobs (2016-06-01, #wikimedia-office).May 27 2016, 11:20 PM

BBlack removed projects: Traffic, SRE.Jul 27 2016, 8:47 PM

Restricted Application added a project: Traffic. · View Herald TranscriptJul 27 2016, 8:47 PM

BBlack removed projects: Traffic, HTTPS.Jul 27 2016, 8:47 PM

Aklapper removed • csteipp as the assignee of this task.Dec 9 2017, 4:43 PM

Krinkle removed a project: Proposal.Dec 21 2017, 11:39 PM