On Sunday, March 10, 2013 at 1:16 AM, Raimond Spekking wrote: > The RSS extension is live on Foundationwiki and Mediawikiwiki. Are there > any security/performance reasons to not enabling it on a Wikipedia?
Hi Raimond! Extension:RSS recently underwent a major revision which (among other things) changed the security model from whitelist-by-default to blacklist-by-default. This is a good thing, but it does mean that adding and removing feeds requires configuration changes. If the extension is enabled on Wikipedias, there are likely to be quite a lot of requests, so we would need some protocol for deciding how to handle requests and how to ensure the list is regularly audited and kept up-to-date, with retired or compromised feeds promptly removed. Restricting it to Wikimedia domains would be a smart security decision, but privileging Wikimedia content—even for purely technical reasons—means compromising openness somewhat. My hunch is that it wouldn't be worth the headache. It makes sense to have feeds enabled on Mediawikiwiki, where it facilitates the tranclusion of activity streams from SCMs. It is OK to have it on Foundationwiki, which is openly not open. But in most other cases, it's proper that a human being has to explicitly import the content, bringing to bear her discretion and understanding of content policy. -- Ori Livneh _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
