AlexMyltsev wrote:As I mentioned back in 2016, setting up HTTPS is a matter of half an hour.
No, it's much more than that: traffic is distributed to multiple servers that use different technologies, and users should be transparently handled by all servers. Installing a certificate on a server is easy, however configuring the whole system to work consistently is not completely obvious. Our multi-server architecture may require some modification to work under https. We also have to modify some custom extensions, which were originally conceived to work under http only.
Preliminary tests have also revealed that the MediaWiki software version currently used (1.29) has a strange behavior related to the management of login/session cookies under https. The session storage has been changed since previous versions, and sometimes the mechanism to prevent session hijacking is unexpectedly triggered. This is very nasty as users cannot login then. This problem may be somehow emphasized by our multi-server architecture, so we have to be very careful before deploying https. Extensive testing is required.
Meanwhile, MediaWiki version 1.30 was released. Updating from version 1.29 to version 1.30 will require to perform the complete set of non-regression tests, too. So, it makes sense to perform the two activities (upgrade to version 1.30 and modifications/tests for https) altogether. We generally perform Mediawiki version upgrades during off-peak traffic periods (Christmas, Easter, or Summer), to minimize the impact of possible issues. So, the next reasonable target is Easter time. I'm afraid that you have to patient, and accept "this deplorable situation" a little bit longer...
Max