On 09/05/07, Tim Starling tstarling@wikimedia.org wrote:
Zoney wrote:
On 08/05/07, Matthew Brown morven@gmail.com wrote:
We're not professional. Except for a tiny bunch of people who work for the Foundation, we're all volunteers and our time is not especially coordinated. Wikipedia is what it is, and part of that is that we've grown faster than our organization has.
-Matt
The project should be managed professionally if it is indeed a serious project. Otherwise it's all just a bit of a larf and it'll eventually
come
crashing down. However, the project *is* taken seriously by those of us involved, and attempts to pass itself off as a serious endeavour. Indeed that mostly works, and so a large section of the media and the public
take
the project seriously (maybe they shouldn't). That is why I consider it serious for us to be so unprofessional about such a critical issue as
site
security.
Is there an official line on what needs to be done, and what exactly administrators should do with respect to passwords? Has it been relayed
to
each and every administrator in a proper fashion? (the email I received
was
rather informal) Is this information put to new admins (or even ordinary users) in a coherent fashion? I do not think being knowledgable on the subject of password security should be a necessary criterion for a
Wikipedia
administrator. So there needs to be a definitive process for the
uninitiated
to follow.
Who are you calling unprofessional? The people who quickly, competently and comprehensively fixed the problem on the server side, or the people who jumped up and down on the lists and wikis about the need for everyone to change their passwords? I think you should make that clear.
-- Tim Starling
I do not fully know the ins and outs of who is responsible, nor do I know all about the good work going on behind the scenes (and maybe that should be better communicated too). All I know is that this problem was not particularly well communicated as I saw it (as someone who suddenly found out about it after the hullaballoo) and there still seemed to be great debate on the best advice for current or new Admins wrt. passwords. Also last time I checked, changing my password took place over an unsecured connection.
As regards myself, well, unless I'm mistaken Wikipedia's modus operandi is still for the most part slashdot-esque nicks rather than real names, and all the trimmings to match. I use this sig on slashdot, so for now, I think it's right at home on the Wikipedia mailing list. I'm not saying that's a good thing.
I could make a point, and go on some crusade for professionalism at Wikipedia, but I still enjoy collaborating on the project at times, and generally those pointing out Wikipedia's pitfalls and inherent problems are hounded regardless of whether it is because they want to see the project be something better. No doubt I should have not bothered to point out my observations of recent events either (as someone who chanced to read about them after the fact having seen a comment on the main page). However, I did think people shouldn't be under any illusions about how it all would look to someone outside.
Zoney