[Wikimedia-l] Wikimedia blog moving to WordPress.com

Nathan nawrich at gmail.com
Thu Sep 5 22:50:21 UTC 2013


On Thu, Sep 5, 2013 at 6:44 PM, Dan Collins <en.wp.st47 at gmail.com> wrote:
> At least OTRS and mailman belong inside our security "bubble" of control,
> where the only people with access are ops and they can be properly secured.
> The security risk of those applications potentially introducing an
> attacker to all our data is minimal compared to the much greater risk of
> placing our user names, passwords, email addresses, and highly private OTRS
> queues in the hands of a third party including all their technicians, not
> to mention their security practices that we have no control over.
>
> As for the other question. If the NSA sends a letter to WordPress then they
> can get the email address and IP of someone who posted a post or comment to
> our blog. Probably the password too. If we host it over SSL then there's no
> way for them to know even that a given user commented, and if we did SSL
> right (maybe in another ten years) no one would know whether an IP was anon
> browsing, a checkuser or oversight, or reading our highly sensitive OTRS
> queues.

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp

In which it is disclosed that, unsurprisingly, SSL poses no real
challenge for the NSA. In any case, I find it hard to imagine a
plausible scenario in which the NSA would be interested in a commenter
on the WMF blog. (My previous post in this thread was sarcastic, in
case that was unclear).


