[Foundation-l] Internal wiki(s) and confidential committee communications
Gerard Meijssen
gerard.meijssen at gmail.com
Sun Feb 5 16:56:20 UTC 2006
Brion Vibber wrote:
> Erik Moeller wrote:
>
>> Hiding page content is not too hard; it gets
>> a bit more complicated if we want to make sure that people cannot even
>> see page _titles_ outside their given namespace access, as these are
>> currently shown all over the place. Perhaps a gradual implementation
>> would be sufficient.
>>
>
> I have strong reservations on this due to the large number of ways open to
> access page content in MediaWiki. I have consistently recommended against third
> parties attempting to hack MediaWiki for this; anyone who actually requires this
> sort of multiple-group confidentiality levels in a single wiki could lose their
> job when it fails (and it probably would fail).
>
This is a great argument why it should not be third parties to attempt
to hack MediaWiki for this. It is not an argument why it should not be
done. Given that you have expressed your reservations on multiple
occasions, there is a clear demand for this functionality, there is also
the present expressed requirement. The fact that this is NOT the first
time that it is discussed for use within the Wikimedia Foundation gives
weight to the argument that it should be developed. It is not only but
also useful for the Wikimedia Foundation, it does provide functionality
that cannot be done well by third parties. It is known that this
functionality has been hacked multiple times. You make a great case for
the development of this functionality.
> In addition to page titles there are summaries, extracts, fragments, search
> results, templates, old versions, watchlist entries, raw loads, diffs, logs, RSS
> feeds, export, and god knows what else.
>
> I can pretty much assume that lots of time would be spent cleaning up after
> mistakes, where confidential material was placed into the wrong page / edit
> summary / log entry / whatever that's hard to remove.
>
> So while we could try, I recommend strongly against it if legal confidentiality
> is actually a requirement (as I cannot guarantee we can provide it with software
> diametrically opposed to it) and I recommend against it if it's not a
> requirement (why bother?)
>
>
When there is no legal confidentiality required, it makes for an ideal
environment for creating this functionality. It is ideal because as the
people involved are trusted, it means that a failure of the security
implemented does not create a genuine security situation.

When there is legal confidentiality required, it means that a
confidential wiki with low security requirements is selected and will be
used to test the security features. As confidence in these security
features grows, content can be merged into this wiki in order from low,
medium to high confidentiality requirements. The trust of the people who
are /not/ given permission to view content is still implicit, the
difference in approach is because of the legal requirements.

Creating an environment with increased needs for confidentiality is
however a dangerous thing. There is cost associated both with being open
and with being closed. I have the impression that we only hear arguments
for having closed / confidential information. The discussion of these
arguments also seems to be rather closed / confidential. People who are
not "in the know" are likely to see increased secrecy as being not
benign. The consequence /is/ that the group that is in the know becomes
more isolated. This leads to less migration into and out of the group
that is privy to information and therefore to a more centralised
organisation that in time becomes increasingly likely to look for new
people outside of the Wikimedia communities.

At this moment the activity in the Wikimedia Foundation is
overwhelmingly Western; American or European. It is extremely important
that the organisation of the Wikimedia Foundation remains open; this
will allow for the hoped-for infusion of people and ideas that are not
Western.
> If we're going to try hiding things,
> * What are we hiding, from whom?
> * How much do we trust them?
> * Do we trust them enough not to peek?
> * If we don't trust them, why are they there?
> * If we do trust them, why are we hiding information?
>
> If the only requirement is to protect against casual reading of pages by
> highly-trusted individuals in another workgroup, maybe it's good enough. But do
> we need it then?
There are two ways of looking at MediaWiki, either it is seen in a
Wikimedia centred way or, it is seen as software that is used by many
organisations with Wikimedia as the principal user. The second approach
acknowledges that organisations like Wikicities, or like schools, etc
use MediaWiki.

There are arguments outside of Wikimedia that plead for the
implementation of this functionality. Please take these into account.

Thanks,
GerardM