by a shift to https without chaning the old links to https? Example https://tracker.moodle.org/browse/MDL-34252.

Visvanath I think you might be onto something there!
Thanks Visvanath, I have created an issue for it: MDLSITE-2066.
Hi All,
AFAIK Tracker has been update to the major version, 4 > 5: quick evidence from the (new) layout and from the footer (v5.2.2).
Probably a required (and planned) step in the HQ Tools roadmap, even for https://tracker.moodle.org/browse/MDLSITE-1201?focusedCommentId=186358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-186358.
Matteo
As per my comment on the tracker ticket, I have now setup http to https rewrites. Tracker was upgraded recently, and had a couple of config issues which should now hopefully be resolved.
- Matt
Thanks very much for this - will this also fix this error message I am seeing with the activity stream?
(Don't want to drift off topic, but..)
Before talking of solutions my dumb question is, what is the purpose of "secure" connections to a public site? OK, credentials of the developers should not be compromised, but then you can have HTTPS for logins
That doesn't prevent session hijacking. Not to say that this is keeping me awake a night, but if you are going to do SSL then you may as well do it properly.
There are some aspects of the tracker which are not public. e.g discussing Moodle security issues before they are fixed. So I wouldn't necessarily agree with your summation of it being a public site.
And, why not? HTTPS does prevent intermediate proxies from caching resources and people like to talk about the CPU overhead of decrypting communications, but in todays world I do not think these are top of performance problems. Which is why Google, Facebook, GMail etc now use SSL by default.