On 16 June 2013 16:01, "Paweł Hajdan, Jr." <phajdan...@gentoo.org> wrote:
> On 6/9/13 7:22 AM, Alex Legler wrote: > > I'd appreciate some input on below plan to move project pages to the > Wiki: > > Alex, thanks for working on this! Some feedback: > > 1. How will the project pages be protected against "unwanted" edits? I > think it's valuable to have some official pages where you know only > Gentoo devs can edit them. > > 2. How will the staffing needs page be updated after dropping gorg? > > 3. How secure is the wiki? Do we have regular backups and security > updates procedures in place? I know you're member of the security team > and infra team is doing its job well, but I just wanted to check. > Dynamic web applications arguably have bigger attack surface than > effectively a bunch of static files only editable after you gain server > access. > > Paweł > > > IMHO, the criteria for being able to edit the wiki should be lower than the present requirements on "being a Gentoo Dev". There should still be some degree of vetting, but the risk a person poses being able to make doc updates is significantly less than the risk a person poses by throwing them a CVS bit. I'd be interested in seeing if theres' a way to have "vetted" edits of some kind, ala a patchqueue/pull-merge feature but for wikis, allowing a user to edit a page as they see fit, but the changes are only visible to them until they mark their edits "done" where it can be pushed to a moderation queue for somebody trusted to check over. Because otherwise, I feel you're missing out on the benefits of wiki. A game I play, tribalwars.com, has a wiki, but the purpose of having a wiki is incredibly redundant, because most the documentation there is grossly out of date, and the tribalwars staff (the only people who can edit it) don't edit anything themselves much, and as a result, there are huge chunks of the wiki that are blatantly wrong, and I would edit them if I could, and there is no good reason to suggest my edits would be likely "malevolent" in fixing this, but alas, due to fear of abuse to security, the wiki hugely misses its intended audience and is practically useless, and the rigmarole that is required for any casual user correcting finding a minor flaw is so great, it simply never occurs.
