On 23 August 2013 18:35, David Gerard <[email protected]> wrote: > On 23 August 2013 23:31, Risker <[email protected]> wrote: > > > There are other options. The question is whether or not they can be made > to > > work in the MediaWiki/WMF circumstances. If you looked at the data > > collected to see where HTTPS attempts were unsuccessful, you'd see that > > there are editors in a lot of countries with issues (i.e., greater than > 5% > > failure rates), and most of them are technical issues. Suddenly you're > not > > just talking about a few projects, you're talking about dozens who may > have > > difficulty getting CU/OS support internally. > > > That doesn't change the security consideration. >
No it doesn't change the security consideration. What changes is the recognition that the problem may actually be bigger than initially thought. Everyone knew about China and Iran. Probably nobody knew about Pakistan, Indonesia, Philippines, India, etc - all of which have multiple language projects. Even just HTTPS logins may be a challenge for some of these countries, and it gives the WMF reason to consider how to better support them just so everyone is protected and isn't left with the choice of editing by IP or not editing at all. > > > The people in our many overlapping MediaWiki and Wikimedia communities > have > > come up with a lot of very creative solutions to problems that other > sites > > haven't figured out or don't care enough to bother with. I have a lot of > > faith that some out of the box thinking might very well resolve this > > specific issue, and possibly open a gateway to solving the security issue > > for even larger groups. > > > And until then, it actually needs to be HTTPS-only. I'm horrified it > isn't already. > > Well, I'm not terribly technical, but I don't think there's ever been consideration of linking login requirements to user permissions. Perhaps that needs to change. I'm concerned too. Risker/Anne _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
