--- Comment #20 from Isarra <> ---
(In reply to James Forrester from comment #18)
> "Other stupid decisions have been made, so we should make more!" isn't a
> great argument. I think in this case we've got a great, useful tool
> (user-level farm-global JS and CSS) and a suspect, unrelated tool (in terms
> of user experience, not code).
> Writing code that goes active on all wikis at once is a major security
> vulnerability (and hugely disruptive to wikis). This is a major cross-wiki
> community issue to which a proper long-term solution is already underway
> (global gadgets), and throwing new technical toys doesn't make it easier.
> Why don't we focus efforts on the proper solution?

Perhaps we don't have the proper solution right now, but we do have this - and
fear of community members does not seem like a very convincing argument to me
why it wouldn't work well in the meantime, especially as it could well help
folks to begin migrating away from the IMPORTS EVERYWHERE paradigm that is
currently in place. Something doesn't need to be perfect to be a step in the
right direction.

In terms of security, though, how would global gadgets even be any better in
that respect? Wouldn't any on-by-default global gadget would do exactly that -
go active on all wikis at once?

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to