On 06/11/2013 08:19 AM, Anthony wrote: > Putting everything in a single database which can be accessed by a single > developer is a choice.
It is, also, the only *reasonable* choice given the resources at our disposal. I've contracted with CSIS in the past and had the immense "pleasure" of working with true MLS systems. They are extraordinarily expensive, a nightmare to maintain (the change request cycle necessarily works at the scale of months), and requires about two to three times the staff to manage (because the SA can't be the same person as the SO who can also not be the one performing the actual operations; that's not counting that MLS may partition things further if there are different authorities involved). The WMF protects itself not by partitioning roles and security domains, but by making sure that as much of everything is transparent as is possible, and with normal due diligence and care in selecting those persons who have access to the rest. Put another way: I can see at /least/ two dozen vectors for the NSA (or whichever acronym agency you prefer) to get at every single octet under WMF control without us being able to even know about it. We purchase and use off-the-shelf equipment, do not have to source to every bit of firmware in our datacenters (let alone the ability to *audit* any of it), our hardware is on premises we do not have physical control over, and all our communications are transmitted over packet switched networks constructed out of untrustable parts and under the control of innumerable parties we have no control over. Fixing any /one/ of those holes would cost tens of times our current total operating budget, and would be essentially burned money unless they were all closed -- which turns out to not be possible at all given that we actually *want* the world-at-large to be able to, you know, use our stuff? There is nothing we can do about any of this beyond continuing to be careful and trust in all the numerous employees and volunteer of the WMF (most of whom are outside the US) to start yelling very loudly if something fishy is going on. So let's store the tinfoil hats and get back to work, please? -- Marc _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l