On 01/25/2012 06:03 AM, Karsten 'quaid' Wade wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/24/2012 03:40 PM, Ewoud Kohl van Wijngaarden wrote:
I have no experience with mediawiki + openid myself, but maybe
giving it a go and monitor it would be good enough for now.
Possible downsides: - Spammers use openid to spam
Possible upsides: - More open to new people - People can use a
single account for both gerrit and the wiki
Since the wiki edits are also shown on IRC I think spam would be
caught fast enough and in the worst case the change could be
reverted.
That's a good point, the wiki edits are watched that way more carefully.
What would our reaction be if we started to see spam edits via OpenID
accounts?
* Can we easily disable those accounts?
* Would we revert to not using OpenID?
** Sometimes spammers seem to be doing test-spam on a wiki, so a few
scattered edits might be preparation for an onslaught.
Also consider all this in terms of who is taking care of the wiki. We
don't (yet?) have enough individuals or a team that seem to be taking
on any wiki management tasks.
So a spamming situation could rally such folks, but it could also kill
the energy while in the crib by overwhelming it with spam pages from
incrementally more spam accounts.
I'm reacting a bit here to e.g. more wiki pages being incorrectly
named than not, so a lot of wiki gardening required still. OTOH, I am
very much in favor of lowering barriers as much as we can. I'd like to
proceed with this discussion and just figure out a way to
counterbalance the risks, etc.
can we separate the openid support for authentication (so people can
user same user/password) from authorization (can an openid account do
something)?
so we would still have the process of an existing user has to give edit
permissions to an openid user?
_______________________________________________
Infra mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/infra
