https://bugzilla.wikimedia.org/show_bug.cgi?id=57891
--- Comment #20 from Isarra <zhoris...@gmail.com> --- (In reply to James Forrester from comment #18) > "Other stupid decisions have been made, so we should make more!" isn't a > great argument. I think in this case we've got a great, useful tool > (user-level farm-global JS and CSS) and a suspect, unrelated tool (in terms > of user experience, not code). > > Writing code that goes active on all wikis at once is a major security > vulnerability (and hugely disruptive to wikis). This is a major cross-wiki > community issue to which a proper long-term solution is already underway > (global gadgets), and throwing new technical toys doesn't make it easier. > Why don't we focus efforts on the proper solution? Perhaps we don't have the proper solution right now, but we do have this - and fear of community members does not seem like a very convincing argument to me why it wouldn't work well in the meantime, especially as it could well help folks to begin migrating away from the IMPORTS EVERYWHERE paradigm that is currently in place. Something doesn't need to be perfect to be a step in the right direction. In terms of security, though, how would global gadgets even be any better in that respect? Wouldn't any on-by-default global gadget would do exactly that - go active on all wikis at once? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l