On 0, Tim Starling tstarling@wikimedia.org scribbled:
Zoney wrote:
On 08/05/07, Matthew Brown morven@gmail.com wrote:
We're not professional. Except for a tiny bunch of people who work for the Foundation, we're all volunteers and our time is not especially coordinated. Wikipedia is what it is, and part of that is that we've grown faster than our organization has.
-Matt
The project should be managed professionally if it is indeed a serious project. Otherwise it's all just a bit of a larf and it'll eventually come crashing down. However, the project *is* taken seriously by those of us involved, and attempts to pass itself off as a serious endeavour. Indeed that mostly works, and so a large section of the media and the public take the project seriously (maybe they shouldn't). That is why I consider it serious for us to be so unprofessional about such a critical issue as site security.
Is there an official line on what needs to be done, and what exactly administrators should do with respect to passwords? Has it been relayed to each and every administrator in a proper fashion? (the email I received was rather informal) Is this information put to new admins (or even ordinary users) in a coherent fashion? I do not think being knowledgable on the subject of password security should be a necessary criterion for a Wikipedia administrator. So there needs to be a definitive process for the uninitiated to follow.
Who are you calling unprofessional? The people who quickly, competently and comprehensively fixed the problem on the server side, or the people who jumped up and down on the lists and wikis about the need for everyone to change their passwords? I think you should make that clear.
-- Tim Starling
I think he's clearly referring to the community and possibly the Board; elements have not responded particularly calmly and rationally. I don't see any basis on which to criticize the developers - from what I've heard, they/you dropped everything to run the password cracker on admin accounts and begin coding up protection from guessing attacks to add to the login page.
-- Gwern Inquiring minds want to know.