On Thu, Jun 5, 2008 at 2:45 PM, Brion Vibber brion@wikimedia.org wrote:
Anon Sricharoenchai wrote:
However, could you please answer the following questions?
- Is there a plan to prohibit local account creation of existing
ununified username?
Not presently as such, however at some point automatic migration of all remaining accounts may be initiated.
Prohibiting local account creation of existing ununified usernames would be essentially equivalent, as it would require people wanting to create such accounts to (manually) initiate a migration before continuing with the additional account setup.
I think the question was: is there any plan to prohibit the creation of a local account, when an ununified account with that name exists on *another* wiki? This is not equivalent to unifying all remaining accounts, although of course doing so would make the question moot.
It's not possible to group multiple wikis by password until all passwords have been manually entered, but we need to make a selection ahead of time in order to determine if the presently logged-in account matches the home account. So it's perhaps a bit of a catch-22 there. :)
To expand on this, passwords are stored as a hash salted with the user id. We can't answer the question, "Is the password for user X the same as the password for user Y?" We can only answer the question, "Is the password for user X 'abcd'? Is the password for user Y 'abcd'?" This improves security, in that a malicious Wikipedia admin would find it hard to figure out what passwords anyone has, but it also causes difficulty when you're trying to do something legitimately.