On 12/14/06, Brianna Laugher brianna.laugher@gmail.com wrote:
On 14/12/06, Magnus Manske magnusmanske@googlemail.com wrote:
On 12/13/06, Bryan Tong Minh bryan.tongminh@gmail.com wrote:
Is there no way you can upload using your own commons login name?
I already thought about extending commonshelper so it accepts commons user name and password. The upload bot could then use that for uploading.
Of course, any user of the tool then would have to give this information to my tools, without knowing what else I do with that (I won't, of course, but short of the toolserver admins, noone can actually confirm that).
OTOH, as long as I keep it optional, would such a mechanism be acceptable?
Is there any other toolserver tool that requests or uses user's passwords? I really dislike the idea. I don't think the convenience outweighs the possible security problems and I don't think we should keep putting bricks onto temporary solutions: obviously the function should be performed by MediaWiki. But then, we already rely on CheckUsage, so... sigh...
Well, your password is transmitted unencrypted to through the internet every time you log into a Wikimedia project. So, there's already risk. The *additional* risk is in trusting me. That's everyone's decision.
Another possibility is that we ask for upload-from-url to be enabled on Commons. (I can't remember if it is an actual feature yet or just a mooted one.) Then CommonsHelper could be more or less single click, right?
Yes, it is an actual feature which has to be turned on by the-one-whose-name-we-must-not-speak, or one of his minions ;-)
No, it won't fix that problem; upload-from-url only offers a different source (web instead of your own PC); you'll still have to give a username and password to the script, one way or another.
It has been suggested that allowing upload-from-url will bring torrents of copyvios. Undoubtedly it will, but we get torrents of copyvios already. Upload-from-url should allow us to track the true origin of images much more easily (assuming that info is made available!). At the moment it is a lot of guesswork and hunches.
Yes, there might be more copyvios than now, but they'll be easier to hunt down and exterminate, and if some "violators" use this instead of the current upload, it would reduce overall stress on the admins, IMHO.
Magnus