On Thu, Jun 26, 2014 at 8:03 AM, Andre Klapper aklapper@wikimedia.org wrote:
On Thu, 2014-06-26 at 16:17 +0200, Bartosz DziewoĆski wrote:
I feel like this would result in a ton of reports that say "YOU CAN DEFACE THE MAIN PAGE!!!" which is editable, if not protected, because it's a wiki.
This. I have seen several 'bug reports' in Mozilla Bugzilla by 'security researchers' about source code of projects being exposed on Mozilla's servers. Clearly a security breach. What does "FOSS" stand for?
So it boils down to "how to keep clueless people out", to be rough.
Heck, we get it to security@ pretty often. Just had one a few weeks ago saying "If I append a ?title=foo param it changes the page title!"
-Chad