https://bugzilla.wikimedia.org/show_bug.cgi?id=19161
--- Comment #40 from Mark A. Hershberger <[email protected]> 2011-03-24 21:19:03 UTC --- (In reply to comment #31) > (In reply to comment #29) > > As all of the information that people have felt necessary to reproducing or > > describing the problem has been given in this report and it has all been > > dealt with, this bug should be closed. > > Sorry, but how has it "all been dealt with"? A proper fix ("login & log local > account creation only on write actions such as edits") That is one of many fixes. Consider the title of the bug: "Auto account creation creates privacy vulnerability". The description of this privacy vulnerability then says that it comes from logging the auto account creation. The solution chosen kept auto account creation but made it so it wasn't logged. What you describe is a new problem: > Simply disabling the log has severe consequences for keeping out abusive > usernames. I've asked for the opinion of other admins on German Wikipedia and > they affirm it hinders their efforts and that there are already trolls taking > advantage of the log being removed. Please use Bug #28227 to discuss this new problem. If you think the only proper fix is "local account creation should not happen on HTTP GETs", then that, too, is a new bug. You may not like the solution that was provided for this bug, but re-opening it is not likely to change CentralAuth to your liking. This bug was about a privacy concern, and that has been addressed. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
