--- Comment #18 from James Forrester <> ---
(In reply to Isarra from comment #17)
> (In reply to James Forrester from comment #16)
> > I understood that the point of this bug was user-level farm-global JS and
> > CSS. Wiki-level farm-global JS and CSS that any admin on meta can edit would
> > instantly turn this immediately into a WONTFIX, IMO.
> Why would that turn it into a wontfix? Meta admins already have access to a
> lot of global features, including centralnotice - which, from what I
> understand, allows the insertion of any arbitrary css and js. We already
> trust them with that, and they've shown to be sensible, so how would this be
> any different?

"Other stupid decisions have been made, so we should make more!" isn't a great
argument. I think in this case we've got a great, useful tool (user-level
farm-global JS and CSS) and a suspect, unrelated tool (in terms of user
experience, not code).

CN currently does allow arbitrary insertion of code, yes, which is one of the
reasons why there are plans to re-work it so that there aren't.

Writing code that goes active on all wikis at once is a major security
vulnerability (and hugely disruptive to wikis). This is a major cross-wiki
community issue to which a proper long-term solution is already underway
(global gadgets), and throwing new technical toys doesn't make it easier. Why
don't we focus efforts on the proper solution?

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to