https://bugzilla.wikimedia.org/show_bug.cgi?id=25676
--- Comment #8 from Michael Dale <[email protected]> 2011-03-24 09:31:43 UTC --- As previously mentioned [1] the reported CSRF was fixed within hours of it being reported. If there is an outstanding actual issue please do file the bug or please do highlight something other than what has already been fixed ages ago. Proposals to address protocol concerns have been made: ie numbered chunks in request and response, and a 5 min time out. These propsals were made directly to Tim Starling one year ago on 03/18/2010 by the firefogg author, which revived no reply. Then again revisited by Mark Hershbergs work to re-factor the chunk support on 04/08/2010 again with request for private comment with no response. Then again publicly on the mailing list Tim suggested a 3rd party chunk protocol that was practically identical to the firefogg protocol, leaving a hanging inquiry by Neil "What in your view would a better version look like? The PLupload protocol seems quite similar. I might be missing some subtle difference." [2] If there is an actual proposal ( i.e not a impossible to disprove negative ), please please please do make thous comments, bug or proposal known. I don't see how repeating the phrase "buggy and potentially insecure" is constructive. It is true chunk uploading can be implemented in native browser XHR which is fine and good. But this still requires a "chunks" support extension similar to the extension associated with this bug request. A distinction should be made between the browser ad-on and the server side chunk support. This bug refers to the server side chunk support which has little to do with browser ad-on. We can rename the extension to "chunked upload" since clearly some people may have some aversions to the word "firefogg"? And of course native browser XHR will not support transcoding proprietary video files into free codecs, and for cases where the user wants to upload a video clip in a non-free format recommending firefogg is perfectly reasonable, and not dependent on chunk uploading being enabled at all, since firefogg can just as well send the file as via a single file POST request. Independently of whether the firefogg software is "total crap" or not ... Firefogg is a widely used Firefox ad-on for converting media files in browser, many commons users are already using it via the firefogg.org/make page for their video conversions, its recommended on commons, used in gadgets ( in POST mode ), mentioned and recommended by many 3rd party sites, has thousands of installs etc. So ... if there are actual issue we would do good to report them. Tim is correct that there has not been much followup on this chunk effort as people have been busy. But I don't think that a valid reason to classify as "WONTFIX", the issues that have been raised have been addressed and some integration work remains to be done. If there are other issues to be addressed they should be made known. We should not have the feature set dismissed with broad impossible to disprove negative generalizations without any course of action for those that see value in this feature set. If some practical alternative for large file uploads is to be proposed, then it should be proposed rather than dismissing efforts to address the issue without recourse for years at a time. [1] http://www.mail-archive.com/[email protected]/msg08219.html [2] http://www.mail-archive.com/[email protected]/msg08199.html -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
