[Foundation-l] Internal wiki(s) and confidential committee communications
Brion Vibber
brion at pobox.com
Sun Feb 5 06:20:42 UTC 2006
Erik Moeller wrote:
> Hiding page content is not too hard; it gets
> a bit more complicated if we want to make sure that people cannot even
> see page _titles_ outside their given namespace access, as these are
> currently shown all over the place. Perhaps a gradual implementation
> would be sufficient.
I have strong reservations on this due to the large number of ways open to
access page content in MediaWiki. I have consistently recommended against third
parties attempting to hack MediaWiki for this; anyone who actually requires this
sort of multiple-group confidentiality levels in a single wiki could lose their
job when it fails (and it probably would fail).
In addition to page titles there are summaries, extracts, fragments, search
results, templates, old versions, watchlist entries, raw loads, diffs, logs, RSS
feeds, export, and god knows what else.
I can pretty much assume that lots of time would be spent cleaning up after
mistakes, where confidential material was placed into the wrong page / edit
summary / log entry / whatever that's hard to remove.
So while we could try, I recommend strongly against it if legal confidentiality
is actually a requirement (as I cannot guarantee we can provide it with software
diametrically opposed to it) and I recommend against it if it's not a
requirement (why bother?)
If we're going to try hiding things,
* What are we hiding, from whom?
* How much do we trust them?
* Do we trust them enough not to peek?
* If we don't trust them, why are they there?
* If we do trust them, why are we hiding information?
If the only requirement is to protect against casual reading of pages by
highly-trusted individuals in another workgroup, maybe it's good enough. But do
we need it then?
-- brion vibber (brion @ pobox.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.wikimedia.org/pipermail/foundation-l/attachments/20060204/ad5c5980/attachment-0001.pgp
More information about the foundation-l
mailing list