Wiki password reset in plain text
When resetting a password on the wiki, the final POST request containing the new password is sent via insecure http by default. This would enable anyone sniffing on the network to discover the new password.
Going to Preferences -> Change password takes you to:
The action of the reset form is set to: http://wiki.alpinelinux.org/w/index.php?title=Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest&returnto=Special%3APreferences
Changing the protocol to https seems to work.
Can we disable the http URL, and set the form action to https? Is this an Alpine configuration thing, or a more serious MediaWiki thing?