Erik Moeller wrote: > The experience that Sage describes in bug 24471 of not being > consistently logged in arguably shouldn't occur in the first place per > 1). Can we log the user into _all_ public Wikimedia wikis without > incurring an unacceptable performance penalty? If so, how?
We can do it if not caring about security. Which is unacceptable. So basically, I don't think we can make a magic login-everywhere, without a perfomance penalty to the servers and/or user. > The issue with regard to privacy disclosures through account creation > logs is one that we should try to fix for the user per 2) and 3) > without the user needing to worry about it. All the same links should > be there, you shouldn't have to confirm anything when you edit a page, > etc. And you certainly shouldn't have to explicitly create an account > with an additional one-click operation. Not just create an account, also logging in on eg. wikibooks when you were previously just logged into wikipedias. > It may require, per one of Brion's suggestions, to have some kind of > shadow account system in the backend that's used until/unless a fully > created user account is required, or to flag the account in a certain way. CentralAuth already reserves the username, such magic adding global usernames should be possible (eg. to block a user which hasn't attached a local account yet). > Finally, I completely concur with Brion that the additional "Log in > globally" checkbox should be removed, and a better solution be sought, > per 1). It's not something that users should need to think about. I'm happy with removing it *after* we get the better solution. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l