On 23 August 2013 17:10, Marc A. Pelletier marc@uberbox.org wrote:
> On 08/23/2013 04:35 PM, Risker wrote:
>> I'd like to see what can be developed, however, to support Checkusers/Oversighters/Stewards who have difficulty using HTTPS
> Pretty much by definition the accounts holding those bits are the ones we /least/ want to have their password snooped, and the ones most likely to be targeted by malicious eavesdroppers. If we could only support some accounts to use HTTPS, those are the ones we would need to force.
> Yes, it does mean that there could not be checkusers in mainland China, for instance, as long as they are unable to log in through HTTPS. That would be a /good/ thing.
As I said, Marc, there's already an offline discussion happening looking for ways to effectively manage this without outright banning editors from those geographical regions from serving Wikimedia communities. A decision to prevent users from certain countries or with certain technical challenges from holding these permissions is as much a policy issue as it is a security issue (it's also a cross-wiki one), so that aspect needs to be considered from a broad community perspective.
If a technical solution can be found that facilitates affected users being able to securely use the tools, then the policy discussion would focus on whether we require those editors to use the technical solution, instead of recommending outright bans on granting advanced permissions to those affected by HTTPS issues. Solutions are already being considered and examined for this; granted, the discussion is occurring off-wiki so you wouldn't have been aware.
Risker/Anne