2009/7/24 Aryeh Gregor <simetrical+wikil...@gmail.com>: > On Thu, Jul 23, 2009 at 2:20 AM, Brianna > Laugher<brianna.laug...@gmail.com> wrote: >> All the potential problems posed are ones that Wikipedia faces every >> day just because it lets people edit, period. I don't see how doing it >> via an API adds some massive new risk. > > Well. If you had some way to clearly distinguish which automated tool > made the edit, and a way for admins to block all edits from a > specific tool as easily as they can currently block or revert all > edits from a specific user, and no way to take dangerous admin-only > actions (e.g. editing interface messages) using the tool -- then on > reflection, I'll grant that I don't see any problems with it. The > only serious risk, then, would be to a user's reputation, if the tool > author is subtly malicious. That only affects the specific user, and > is a risk they can decide to take or not.
Yay! > That's a considerable amount of infrastructure that would be needed, > though. I'm not sure it's worth the effort just for the sake of > enabling web-based editing tools. Remember, for desktop tools this is > pointless. They can already steal your password directly in a hundred > different ways, so letting them edit directly using your credentials > is as safe as running them at all. There are plenty of desktop tools > that are already used as editing aids. I doubt the gain from allowing > web-based tools as well would be worth implementing this whole > authentication system. Well, I don't know that I agree with this argument "we should just assume desktops are already compromised", but I'm not that interested in desktop applications so I will leave it aside. Given that * the write API has only been enabled on Wikimedia sites since August 2008 (less than a year) * we don't do very much/any promotion of our API, and * our data is extremely complex (especially compared to, say, Twitter), I am not at all surprised that no web apps have yet spung up (or, only Watchlistr). I don't think the fact that no web apps have been created yet means that it has been judged as not-that-useful. I think it will take a while, and a few examples, for developers to start to get the idea of being creative with the MW API. >> I love the idea of the write API because it removes the necessity to >> have MediaWiki as the only way to interact with Wikimedia content. The >> write API lets us innovate at the interface level just as we >> collaboratively innovate at the content level. > > The write API doesn't allow anything new. It just makes some things > easier and more reliable. Anything you could do with the write API, > you could do by screen-scraping, just maybe less quickly and reliably. > (With maybe a very small number of narrow exceptions.) If you make something orders of magnitude easier, it is like a "new" thing. Anyway I am glad that we have come to some kind of agreement. I expanded some info at <http://www.mediawiki.org/wiki/OAuth> based on this discussion. cheers Brianna -- They've just been waiting in a mountain for the right moment: http://modernthings.org/ _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
