2009/7/24 Aryeh Gregor <Simetrical+wikilist(a)gmail.com>om>:
On Thu, Jul 23, 2009 at 2:20 AM, Brianna
Laugher<brianna.laugher(a)gmail.com> wrote:
All the potential problems posed are ones that
Wikipedia faces every
day just because it lets people edit, period. I don't see how doing it
via an API adds some massive new risk.
Well. If you had some way to clearly distinguish which automated tool
made the edit, and a way for admins to block all edits from a
specific tool as easily as they can currently block or revert all
edits from a specific user, and no way to take dangerous admin-only
actions (e.g. editing interface messages) using the tool -- then on
reflection, I'll grant that I don't see any problems with it. The
only serious risk, then, would be to a user's reputation, if the tool
author is subtly malicious. That only affects the specific user, and
is a risk they can decide to take or not.
Yay!
That's a considerable amount of infrastructure
that would be needed,
though. I'm not sure it's worth the effort just for the sake of
enabling web-based editing tools. Remember, for desktop tools this is
pointless. They can already steal your password directly in a hundred
different ways, so letting them edit directly using your credentials
is as safe as running them at all. There are plenty of desktop tools
that are already used as editing aids. I doubt the gain from allowing
web-based tools as well would be worth implementing this whole
authentication system.
Well, I don't know that I agree with this argument "we should just
assume desktops are already compromised", but I'm not that interested
in desktop applications so I will leave it aside.
Given that
* the write API has only been enabled on Wikimedia sites since August
2008 (less than a year)
* we don't do very much/any promotion of our API, and
* our data is extremely complex (especially compared to, say, Twitter),
I am not at all surprised that no web apps have yet spung up (or, only
Watchlistr). I don't think the fact that no web apps have been created
yet means that it has been judged as not-that-useful. I think it will
take a while, and a few examples, for developers to start to get the
idea of being creative with the MW API.
I love the
idea of the write API because it removes the necessity to
have MediaWiki as the only way to interact with Wikimedia content. The
write API lets us innovate at the interface level just as we
collaboratively innovate at the content level.
The write API doesn't allow anything new. It just makes some things
easier and more reliable. Anything you could do with the write API,
you could do by screen-scraping, just maybe less quickly and reliably.
(With maybe a very small number of narrow exceptions.)
If you make something orders of magnitude easier, it is like a "new" thing.
Anyway I am glad that we have come to some kind of agreement. I
expanded some info at <http://www.mediawiki.org/wiki/OAuth> based on
this discussion.
cheers
Brianna
--
They've just been waiting in a mountain for the right moment:
http://modernthings.org/