On Thu, Jun 26, 2014 at 8:03 AM, Andre Klapper <aklapper(a)wikimedia.org>
wrote:
On Thu, 2014-06-26 at 16:17 +0200, Bartosz DziewoĆski
wrote:
I feel like this would result in a ton of reports
that say "YOU CAN
DEFACE THE MAIN PAGE!!!" which is editable, if not protected, because
it's a wiki.
This.
I have seen several 'bug reports' in Mozilla Bugzilla by 'security
researchers' about source code of projects being exposed on Mozilla's
servers. Clearly a security breach. What does "FOSS" stand for?
So it boils down to "how to keep clueless people out", to be rough.
Heck, we get it to security@ pretty often. Just had one a few weeks
ago saying "If I append a ?title=foo param it changes the page title!"
-Chad