Over the past couple of weeks we have been making some changes to our firewall and on Monday, November 16 2015 (view in your timezone) we are planning to upgrade the devices to improve performance and security.
We estimate that the upgrade should take no longer than an hour. In order to minimise risk and potential errors we will be putting the marketplaces into maintenance mode whilst the upgrade is being performed. Thus, HTTP and API access to the marketplaces will not be available for the duration of the upgrade.
Once the maintenance has been completed we will update this thread to let everyone know it’s been done.
Should you have any questions, please don’t hesitate to let me know!
Just curious, why not to do it at weekend (Sunday, for example), when traffic is much lower?
The marketplaces, we don’t really have a “quiet” day which makes this sort of thing very difficult to schedule. Our request rate is just as active on a Sunday as many other days in the week. For most of these larger changes that we make, we schedule it within Australian business hours as that is the quietest period of the day and it’s the most suitable for times for our staff to be monitoring the changes.
Judging by my sales in the past 2 years - Sunday is the quietest day there is on Themeforest. Wednesday is the hottest day. I have to agree with @halfdata - Sunday would have been a better time to do this…
Funny you mention this as we had a conversation about this only hours ago
As mentioned by Sebastian a while back, we are well aware of the pitfalls of not having TLS across the marketplaces and are actively trying to fix this. There has been a few experiments using GitHub’s camo proxy and rewriting URL’s to use a CDN however at this stage neither of those ideas are production ready for us. One option that has been raised is to put everything except the user generated pages under TLS however this still leaves the issue that should you visit those item pages the session will be unencrypted - thus defeating the purpose of encrypting it. Taking this route would make the TLS hole a little smaller however doesn’t completely solve the issue we set out to fix. Additionally, when we roll out TLS for general availability we also need to be 110% certain that our tools (such as DDoS mitigation) can functionality effectively on both traffic types without leaving gaps.
On a side note, it’s worth mentioning that while TLS is a key part of security it’s definitely not the silver bullet. The last couple of months have seen a few projects underway which have been addressing other aspects of the security sphere to limit or completely remove some vectors from our marketplaces. While this hasn’t always been visible to users, it has definitely been happening.
I’m hoping this gives you more of an idea of where the situation is at.
Thank you for the elaborate response!
I really hope that the marketplace moves to SSL fully soon. From what I’ve heard Google is using HTTPS as a signal now, and it would be very nice addition to item descriptions.