Wikipedia was blocked ENTIRELY in China for years; people interested in
*reading* as well as contributing used circumvention tools (VPNs etc) to
more securely access the site, and just got generic errors if they didn't.
This is an acceptable trade-off which we've allowed the Chinese government
to make for us before, and here we're talking about a much smaller effect
(on contributors only).
Again, it's not our business to fix China. China has to fix China.
-- brion
On Tue, Aug 20, 2013 at 1:15 PM, George William Herbert <
george.herbert(a)gmail.com> wrote:
On Aug 20, 2013, at 12:57 PM, Brion Vibber <bvibber(a)wikimedia.org> wrote:
IMO it's simply unacceptable to leak
authentication tokens or account
passwords in cleartext; allowing any form of login over HTTP is dinosaur
behavior and we'd be crazy to let it continue, whether for "some sites"
only or all. We should require HTTPS for all logins on all sites in all
languages all the time.
This is a defensible position.
That is not my point.
It appears that the ops team is about to kick anyone who is unfortunate
enough to live in the wrong countries off the projects, without a clue what
happened or obvious fallback they will realize. Without publicity or
explanation or a HTTP landing pad that explains.
This magnitude of change is political, not purely technical/operational.
And demands both notification and a fallback that users will be reasonably
able to grasp.
Again, this is still a little fuzzy as to the impact. But it seems like
we dump China users of en.wp without warning or immediately obvious
workaround. And if that's right, the ops team should not do this. It
needs wider warnings and discussion, and is not an ops decision to make.
Sent from Kangphone
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l