https://bugzilla.wikimedia.org/show_bug.cgi?id=63961
--- Comment #4 from Bawolff (Brian Wolff) <[email protected]> --- (In reply to Marco from comment #3) > (In reply to Sam Reed (reedy) from comment #2) > > Why? > > * Do you mean that some domains could serve corrupt files which can > compromise the wmf network when uploading by url? I believe the concern is potential to be used as part of a DOS attack. Invalid files/viruses/etc are not really a concern as that is not unique to url uploading. > * Did we encounter any problems after adding the ~20 urls we currently have > in the commonswiki-array? Not as far as I know. I highly doubt it. > * Is there any other way to find out if there are problems than whitelisting > all domains in a test environment? Any issues would probably be for security reasons (or perhaps patanoia) i believe. Thats not something a test site would help with. Its the sort of thing that needs to be analytically evaluated (by Chris?) Of course i could just be missing some big issue. > > If we're going to whitelist all, there's probably little point attempting to > > blacklist anything > > Thats true, would be "nice" to have, though. I dont see why. Does anyone actually have any sites to blacklist?. ---- The why for this is presumably commons folks want to be able to use gwtoolset with new sites without asking for a config change first (and having to wait several days). I could certainly see why - instant gratification is more fun :) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
