On 24.01.2013 23:24, Paul Boddie wrote: > Aahz wrote: >> On Thu, Jan 24, 2013, M.-A. Lemburg wrote: >>> We're currently working on setting up the new VM with the Python and >>> Jython wikis. >>> >>> In order to increase security and also to help a bit with avoiding >>> spam/vandalism, we'd like to disable editing of wiki pages without >>> login. >>> >>> Any objections ? >> >> That was in fact the setup previously, and I strongly support reverting >> to it. As Barry notes, there are some pages that will need a higher >> level of protection, but as long as we've got off-VM backups, we can >> handle any mishaps. > > Indeed. I don't buy into the myth that people perpetuate about Wikis having > to > allow anonymous access or otherwise be instruments of The Man, or whatever. > The Internet is full of people who will happily pollute any editable site > with their idiotic spams and scams, and some fairly basic measures will deter > the bulk of these people.
Given the positive echo, we'll go ahead with requiring logins for edits per default. > I recommend... > > Requiring some kind of login. This actually makes it easier for the editors > to > see at a glance who has edited a page (Aahz rather than, say, > 123-client.456-server.verizon.com) and make a quick judgement about whether > the edit needs investigating. We can support OpenID - you can even use your > Python Package Index identity! - and so don't even need to make people set > and remember distinct passwords. > > Maintaining the textcha protection for random newcomers. I appreciate that > textcha questions can be a pain - on one Wiki I use, the questions required a > fair amount of research on my part because I am a mere developer and not part > of the target audience - but we can migrate people quickly to a group/list > that doesn't get bothered with questions. Textcha can be very effective: on > some sites I've seen where they turned the feature on, spam was more or less > eliminated. We are using text based capchas for the Python and Jython wiki - for both unregistered and registered users. There's a group of trusted editors which doesn't have to bother with the captchas. Additionally, we have a blocked user group to disable known spam accounts. > Having some kind of mechanism for managing new user registration. I wouldn't > want to impose the approval of new users because it stops the quick-but-good > edits of people who are new to the Wiki but want to fix something, but it is > the case that there may be a lot of "registration spam", meaning that the > Wiki fills up with users who will never succeed in making an edit because > they can't answer the textcha questions. Maybe there are already tools that > deal with this. If not, I may be encouraged to write something. We currently have 11000 users registered for the Python wiki. I do believe that many of those are no longer in use. Since we're resetting the password of the users now, we should get a good feel for the actual number of active users after a few months: the inactive ones will show up as not having registered a new password. > Beyond this, we could introduce edit approval for random newcomers - I wrote > something that puts edits in approval queues - but this is really something > for a site where you want the barrier to editing to be very low but the > barrier to publishing to be much higher. For the Python Wikis, the barrier to > editing should be low but not *very* low, and the barrier to publishing > should not be significantly higher. If spam from registered users becomes more of a problem, we could increase the number of captcha phrases. > Finally, I would like to thank Marc-André for his forensic and recovery work > as well as Thomas and Reimar for their work in attempting to restore the > content. Once again, the PSF should be thanked for making resources available > for the improvement of MoinMoin in various respects. Ensuring the vitality of > widely-used Python projects like MoinMoin is an essential part of ensuring > the vitality of Python itself. Thanks, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 25 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ pydotorg-www mailing list [email protected] http://mail.python.org/mailman/listinfo/pydotorg-www
