[WikiEN-l] Please change your passwords.

[Zoney]

On 09/05/07, Tim Starling <tstarling at wikimedia.org> wrote:
>
> Zoney wrote:
> > On 08/05/07, Matthew Brown <morven at gmail.com> wrote:
> >>
> >> We're not professional.  Except for a tiny bunch of people who work
> >> for the Foundation, we're all volunteers and our time is not
> >> especially coordinated.  Wikipedia is what it is, and part of that is
> >> that we've grown faster than our organization has.
> >>
> >> -Matt
> >>
> >>
> > The project should be managed professionally if it is indeed a serious
> > project. Otherwise it's all just a bit of a larf and it'll eventually
> come
> > crashing down. However, the project *is* taken seriously by those of us
> > involved, and attempts to pass itself off as a serious endeavour. Indeed
> > that mostly works, and so a large section of the media and the public
> take
> > the project seriously (maybe they shouldn't). That is why I consider it
> > serious for us to be so unprofessional about such a critical issue as
> site
> > security.
> >
> > Is there an official line on what needs to be done, and what exactly
> > administrators should do with respect to passwords? Has it been relayed
> to
> > each and every administrator in a proper fashion? (the email I received
> was
> > rather informal) Is this information put to new admins (or even ordinary
> > users) in a coherent fashion? I do not think being knowledgable on the
> > subject of password security should be a necessary criterion for a
> Wikipedia
> > administrator. So there needs to be a definitive process for the
> uninitiated
> > to follow.
>
> Who are you calling unprofessional? The people who quickly, competently
> and comprehensively fixed the problem on the server side, or the people
> who jumped up and down on the lists and wikis about the need for everyone
> to change their passwords? I think you should make that clear.
>
> -- Tim Starling
>
>
I do not fully know the ins and outs of who is responsible, nor do I know
all about the good work going on behind the scenes (and maybe that should be
better communicated too). All I know is that this problem was not
particularly well communicated as I saw it (as someone who suddenly found
out about it after the hullaballoo) and there still seemed to be great
debate on the best advice for current or new Admins wrt. passwords. Also
last time I checked, changing my password took place over an unsecured
connection.

As regards myself, well, unless I'm mistaken Wikipedia's modus operandi is
still for the most part slashdot-esque nicks rather than real names, and all
the trimmings to match. I use this sig on slashdot, so for now, I think it's
right at home on the Wikipedia mailing list. I'm not saying that's a good
thing.

I could make a point, and go on some crusade for professionalism at
Wikipedia, but I still enjoy collaborating on the project at times, and
generally those pointing out Wikipedia's pitfalls and inherent problems are
hounded regardless of whether it is because they want to see the project be
something better. No doubt I should have not bothered to point out my
observations of recent events either (as someone who chanced to read about
them after the fact having seen a comment on the main page). However, I did
think people shouldn't be under any illusions about how it all would look to
someone outside.

Zoney
-- 
~()____) This message will self-destruct in 5 seconds...