On Sunday, March 10, 2013 at 1:16 AM, Raimond Spekking wrote:
The RSS extension is live on Foundationwiki and Mediawikiwiki. Are there
any security/performance reasons not to enable it on a Wikipedia?
Hi Raimond!
Extension:RSS recently underwent a major revision which (among other things) changed the
security model from whitelist-by-default to blacklist-by-default. This is a good thing,
but it does mean that adding and removing feeds requires configuration changes. If the
extension is enabled on Wikipedias, there are likely to be quite a lot of requests, so we
would need some protocol for deciding how to handle requests and how to ensure the list is
regularly audited and kept up-to-date, with retired or compromised feeds promptly removed.
Restricting it to Wikimedia domains would be a smart security decision, but privileging
Wikimedia content—even for purely technical reasons—means compromising openness somewhat.
My hunch is that it wouldn't be worth the headache. It makes sense to have feeds
enabled on Mediawikiwiki, where it facilitates the transclusion of activity streams from
SCMs. It is OK to have it on Foundationwiki, which is openly not open. But in most other
cases, it's proper that a human being has to explicitly import the content, bringing
to bear her discretion and understanding of content policy.
--
Ori Livneh