On 12/14/06, Brianna Laugher <brianna.laugher(a)gmail.com> wrote:
On 14/12/06, Magnus Manske
<magnusmanske(a)googlemail.com> wrote:
On 12/13/06, Bryan Tong Minh
<bryan.tongminh(a)gmail.com> wrote:
Is there no way you can upload using your own
commons login name?
I already thought about extending commonshelper so it accepts commons
user name and password. The upload bot could then use that for
uploading.
Of course, any user of the tool then would have to give this
information to my tools, without knowing what else I do with that (I
won't, of course, but short of the toolserver admins, noone can
actually confirm that).
OTOH, as long as I keep it optional, would such a mechanism be acceptable?
Is there any other toolserver tool that requests or uses user's passwords?
I really dislike the idea. I don't think the convenience outweighs the
possible security problems and I don't think we should keep putting
bricks onto temporary solutions: obviously the function should be
performed by MediaWiki. But then, we already rely on CheckUsage, so...
sigh...
Well, your password is transmitted unencrypted to through the internet
every time you log into a Wikimedia project. So, there's already risk.
The *additional* risk is in trusting me. That's everyone's decision.
Another possibility is that we ask for upload-from-url
to be enabled
on Commons. (I can't remember if it is an actual feature yet or just a
mooted one.) Then CommonsHelper could be more or less single click,
right?
Yes, it is an actual feature which has to be turned on by
the-one-whose-name-we-must-not-speak, or one of his minions ;-)
No, it won't fix that problem; upload-from-url only offers a different
source (web instead of your own PC); you'll still have to give a
username and password to the script, one way or another.
It has been suggested that allowing upload-from-url
will bring
torrents of copyvios. Undoubtedly it will, but we get torrents of
copyvios already. Upload-from-url should allow us to track the true
origin of images much more easily (assuming that info is made
available!). At the moment it is a lot of guesswork and hunches.
Yes, there might be more copyvios than now, but they'll be easier to
hunt down and exterminate, and if some "violators" use this instead of
the current upload, it would reduce overall stress on the admins,
IMHO.
Magnus