-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dschwen wrote:
http://en.wikipedia.org/tools/~dschwen/wikiminiatlas/label/en_0_0_0 would fetch the content of http://tools.wikimedia.de/~dschwen/wikiminiatlas/label/en_0_0_0)?
Under NO circumstances will we ever do this, that's a serious security danger.
I fail to see how it would be a danger with a carefully selected set of forwards. We already have to trust the contributing admin users. Why would you categorically deny trust to another group of active developers: on the toolserver?
It greatly increases the vulnerability landscape, whereas I'd prefer to decrease it by tightening controls on site JavaScript.
- -- brion vibber (brion @ wikimedia.org)