| 1 |
On 16 June 2013 16:01, "Paweł Hajdan, Jr." <phajdan.jr@g.o> wrote: |
| 2 |
|
| 3 |
> On 6/9/13 7:22 AM, Alex Legler wrote: |
| 4 |
> > I'd appreciate some input on below plan to move project pages to the |
| 5 |
> Wiki: |
| 6 |
> |
| 7 |
> Alex, thanks for working on this! Some feedback: |
| 8 |
> |
| 9 |
> 1. How will the project pages be protected against "unwanted" edits? I |
| 10 |
> think it's valuable to have some official pages where you know only |
| 11 |
> Gentoo devs can edit them. |
| 12 |
> |
| 13 |
> 2. How will the staffing needs page be updated after dropping gorg? |
| 14 |
> |
| 15 |
> 3. How secure is the wiki? Do we have regular backups and security |
| 16 |
> updates procedures in place? I know you're member of the security team |
| 17 |
> and infra team is doing its job well, but I just wanted to check. |
| 18 |
> Dynamic web applications arguably have bigger attack surface than |
| 19 |
> effectively a bunch of static files only editable after you gain server |
| 20 |
> access. |
| 21 |
> |
| 22 |
> Paweł |
| 23 |
> |
| 24 |
> |
| 25 |
> |
| 26 |
IMHO, the criteria for being able to edit the wiki should be lower than the |
| 27 |
present requirements on "being a Gentoo Dev". |
| 28 |
|
| 29 |
There should still be some degree of vetting, but the risk a person poses |
| 30 |
being able to make doc updates is significantly less than the risk a person |
| 31 |
poses by throwing them a CVS bit. |
| 32 |
|
| 33 |
I'd be interested in seeing if theres' a way to have "vetted" edits of some |
| 34 |
kind, ala a patchqueue/pull-merge feature but for wikis, allowing a user to |
| 35 |
edit a page as they see fit, but the changes are only visible to them until |
| 36 |
they mark their edits "done" where it can be pushed to a moderation queue |
| 37 |
for somebody trusted to check over. |
| 38 |
|
| 39 |
Because otherwise, I feel you're missing out on the benefits of wiki. |
| 40 |
|
| 41 |
A game I play, tribalwars.com, has a wiki, but the purpose of having a wiki |
| 42 |
is incredibly redundant, because most the documentation there is grossly |
| 43 |
out of date, and the tribalwars staff (the only people who can edit it) |
| 44 |
don't edit anything themselves much, and as a result, there are huge chunks |
| 45 |
of the wiki that are blatantly wrong, and I would edit them if I could, and |
| 46 |
there is no good reason to suggest my edits would be likely "malevolent" in |
| 47 |
fixing this, but alas, due to fear of abuse to security, the wiki hugely |
| 48 |
misses its intended audience and is practically useless, and the rigmarole |
| 49 |
that is required for any casual user correcting finding a minor flaw is so |
| 50 |
great, it simply never occurs. |
Archives