openid on the wiki?
Itamar Heim
iheim at redhat.com
Wed Jan 25 08:17:43 UTC 2012
On 01/25/2012 06:03 AM, Karsten 'quaid' Wade wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/24/2012 03:40 PM, Ewoud Kohl van Wijngaarden wrote:
>> I have no experience with mediawiki + openid myself, but maybe
>> giving it a go and monitor it would be good enough for now.
>>
>> Possible downsides: - Spammers use openid to spam
>>
>> Possible upsides: - More open to new people - People can use a
>> single account for both gerrit and the wiki
>>
>> Since the wiki edits are also shown on IRC I think spam would be
>> caught fast enough and in the worst case the change could be
>> reverted.
>
> That's a good point, the wiki edits are watched that way more carefully.
>
> What would our reaction be if we started to see spam edits via OpenID
> accounts?
>
> * Can we easily disable those accounts?
> * Would we revert to not using OpenID?
> ** Sometimes spammers seem to be doing test-spam on a wiki, so a few
> scattered edits might be preparation for an onslaught.
>
> Also consider all this in terms of who is taking care of the wiki. We
> don't (yet?) have enough individuals or a team that seem to be taking
> on any wiki management tasks.
>
> So a spamming situation could rally such folks, but it could also kill
> the energy while in the crib by overwhelming it with spam pages from
> incrementally more spam accounts.
>
> I'm reacting a bit here to e.g. more wiki pages being incorrectly
> named than not, so a lot of wiki gardening required still. OTOH, I am
> very much in favor of lowering barriers as much as we can. I'd like to
> proceed with this discussion and just figure out a way to
> counterbalance the risks, etc.
can we separate the openid support for authentication (so people can
user same user/password) from authorization (can an openid account do
something)?
so we would still have the process of an existing user has to give edit
permissions to an openid user?
More information about the Infra
mailing list