On 2016-11-29 02:09 PM, Jonathan Morgan wrote:
Out of curiosity (not snark), who has final say on these matters: Security, or Legal?
Nowadays, probably security (although I suppose Legal will always have a final veto for - well - legal reasons). At the time, Legal was handling it because the privacy policy is their domain, and there wasn't much of "Security" to speak of beyond individual stakeholders.
My concern isn't that security shouldn't have the say so much as the fact that I'm a little surprised that an informed decision from legal ends up being reversed 180° without any apparent reference to that prior discussion. I'm all for revisiting decisions when it makes sense to do so; but revisiting a decision requires actually /revisiting/ the decision - not ignoring prior context as though the current setup was pulled out of thin air.
And - for the record - I've no fondness for making user properties available as they were. It's not an accident that I directed the question at Legal at the time: while there was a reasonable user request for them, it was clear from the outset there was a privacy aspect that needed to be addressed.
-- Coren / Marc _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
