[pydotorg-www] Changing default wiki permissions

Paul Boddie paul at boddie.org.uk
Thu Jan 24 23:24:30 CET 2013


Aahz wrote:
> On Thu, Jan 24, 2013, M.-A. Lemburg wrote:
> > We're currently working on setting up the new VM with the Python and
> > Jython wikis.
> >
> > In order to increase security and also to help a bit with avoiding
> > spam/vandalism, we'd like to disable editing of wiki pages without
> > login.
> >
> > Any objections ?
>
> That was in fact the setup previously, and I strongly support reverting
> to it.  As Barry notes, there are some pages that will need a higher
> level of protection, but as long as we've got off-VM backups, we can
> handle any mishaps.

Indeed. I don't buy into the myth that people perpetuate about Wikis having to 
allow anonymous access or otherwise be instruments of The Man, or whatever. 
The Internet is full of people who will happily pollute any editable site 
with their idiotic spams and scams, and some fairly basic measures will deter 
the bulk of these people.

I recommend...

Requiring some kind of login. This actually makes it easier for the editors to 
see at a glance who has edited a page (Aahz rather than, say, 
123-client.456-server.verizon.com) and make a quick judgement about whether 
the edit needs investigating. We can support OpenID - you can even use your 
Python Package Index identity! - and so don't even need to make people set 
and remember distinct passwords.

Maintaining the textcha protection for random newcomers. I appreciate that 
textcha questions can be a pain - on one Wiki I use, the questions required a 
fair amount of research on my part because I am a mere developer and not part 
of the target audience - but we can migrate people quickly to a group/list 
that doesn't get bothered with questions. Textcha can be very effective: on 
some sites I've seen where they turned the feature on, spam was more or less 
eliminated.

Having some kind of mechanism for managing new user registration. I wouldn't 
want to impose the approval of new users because it stops the quick-but-good 
edits of people who are new to the Wiki but want to fix something, but it is 
the case that there may be a lot of "registration spam", meaning that the 
Wiki fills up with users who will never succeed in making an edit because 
they can't answer the textcha questions. Maybe there are already tools that 
deal with this. If not, I may be encouraged to write something.

Beyond this, we could introduce edit approval for random newcomers - I wrote 
something that puts edits in approval queues - but this is really something 
for a site where you want the barrier to editing to be very low but the 
barrier to publishing to be much higher. For the Python Wikis, the barrier to 
editing should be low but not *very* low, and the barrier to publishing 
should not be significantly higher.

Finally, I would like to thank Marc-André for his forensic and recovery work 
as well as Thomas and Reimar for their work in attempting to restore the 
content. Once again, the PSF should be thanked for making resources available 
for the improvement of MoinMoin in various respects. Ensuring the vitality of 
widely-used Python projects like MoinMoin is an essential part of ensuring 
the vitality of Python itself.

Paul


More information about the pydotorg-www mailing list