Wikipedia was blocked ENTIRELY in China for years; people interested in *reading* as well as contributing used circumvention tools (VPNs etc) to more securely access the site, and just got generic errors if they didn't.
This is an acceptable trade-off which we've allowed the Chinese government to make for us before, and here we're talking about a much smaller effect (on contributors only).
Again, it's not our business to fix China. China has to fix China.
-- brion
On Tue, Aug 20, 2013 at 1:15 PM, George William Herbert < george.herbert@gmail.com> wrote:
On Aug 20, 2013, at 12:57 PM, Brion Vibber bvibber@wikimedia.org wrote:
IMO it's simply unacceptable to leak authentication tokens or account passwords in cleartext; allowing any form of login over HTTP is dinosaur behavior and we'd be crazy to let it continue, whether for "some sites" only or all. We should require HTTPS for all logins on all sites in all languages all the time.
This is a defensible position.
That is not my point.
It appears that the ops team is about to kick anyone who is unfortunate enough to live in the wrong countries off the projects, without a clue what happened or obvious fallback they will realize. Without publicity or explanation or a HTTP landing pad that explains.
This magnitude of change is political, not purely technical/operational. And demands both notification and a fallback that users will be reasonably able to grasp.
Again, this is still a little fuzzy as to the impact. But it seems like we dump China users of en.wp without warning or immediately obvious workaround. And if that's right, the ops team should not do this. It needs wider warnings and discussion, and is not an ops decision to make.
Sent from Kangphone
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l