https://bugzilla.wikimedia.org/show_bug.cgi?id=3233
Matthew Flaschen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #11 from Matthew Flaschen <[email protected]> --- I'm concerned about this, particularly with the cookie duration used in Tyler's Gerrit. First of all, this will obviously have ramifications on shared computers, particularly in libraries in schools, where there's a lot of vandalism but also where some constructive people do their only editing. That alone gives me pause. Robert suggested 24 hours, which would definitely mitigate this. However, the proposed implementation (https://gerrit.wikimedia.org/r/#/c/48029/3/includes/User.php) uses the default cookie expiration (since setCookie with duration 0 uses that). The default default (https://www.mediawiki.org/wiki/Manual:$wgCookieExpiration) is now 180 days, which is an entirely different matter from a day. I also think if we do this, it should be controlled by two separate wg config variables: 1. Whether to do it at all, defaulting false. 2. (Ignored if 1 is false) Duration, defaulting to 24 hours or something else very short like that. MZMcBride is also right that it's now much easier to clear your cookies and local storage (private browsing/incognito is relatively well publicized), so we might be mostly targetting the good guys. I realize there are some casual vandals (ignorant of cookies) who randomly get assigned IPs (e.g. through a bad proxy) and keep on rolling. But I'm skeptical it's a worthwhile tradeoff. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
