From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E0F741381F3 for ; Sun, 16 Jun 2013 20:13:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 83B99E0919; Sun, 16 Jun 2013 20:13:01 +0000 (UTC) Received: from mail-vc0-f177.google.com (mail-vc0-f177.google.com [209.85.220.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 945BAE07ED for ; Sun, 16 Jun 2013 20:13:00 +0000 (UTC) Received: by mail-vc0-f177.google.com with SMTP id hv10so1522733vcb.36 for ; Sun, 16 Jun 2013 13:12:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=cq2FLVCwmyvH04IA5sWP4c/2x1XbZ5JCmLPPqk4W89k=; b=kuo/y/zjHKIeumx/JOrPRC6Y3HffK7tih+sb6CCkL9bR6hQLCevEwiPFUtkkKmTJ0q agm8mZXrhBezFB8N3DBifBZfRSDfPRqZVDKkNL03Hc8wIrxoz1naSnv+Xc27cISWiHC0 iyNmQ/ZN2ltg59HsGLaWJKzwfnAYNL4F6wK9gCp40QETXdEfsPVCirGt+DfL3Mq2UqPZ RUnwSZ4+mbs5o1Y7Ch4+W0r59Sg03jBY8laWD94YRtMCqMMlVUU84uCYgXsZ1E040SfG AUPDCCOu10od0t7CZ/6g+IsfwatE7B4TrrDmra5zq67PftfgWDdiObkMqZwmvdV31t+t BYjg== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.58.85.161 with SMTP id i1mr2463783vez.97.1371413579631; Sun, 16 Jun 2013 13:12:59 -0700 (PDT) Received: by 10.58.44.195 with HTTP; Sun, 16 Jun 2013 13:12:59 -0700 (PDT) In-Reply-To: <51BD387C.4050800@gentoo.org> References: <51B48FA1.9080403@gentoo.org> <51BD387C.4050800@gentoo.org> Date: Mon, 17 Jun 2013 08:12:59 +1200 Message-ID: Subject: Re: [gentoo-dev] RFC: Moving project pages to wiki.gentoo.org From: Kent Fredric To: gentoo-dev@lists.gentoo.org Content-Type: multipart/alternative; boundary=047d7b6da6ac41146d04df4b1ba9 X-Archives-Salt: dfbe1532-6d01-4827-a44a-b5d9145a43f2 X-Archives-Hash: 158338072eda4c162b58970590ab07f0 --047d7b6da6ac41146d04df4b1ba9 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 16 June 2013 16:01, "Pawe=C5=82 Hajdan, Jr." wro= te: > On 6/9/13 7:22 AM, Alex Legler wrote: > > I'd appreciate some input on below plan to move project pages to the > Wiki: > > Alex, thanks for working on this! Some feedback: > > 1. How will the project pages be protected against "unwanted" edits? I > think it's valuable to have some official pages where you know only > Gentoo devs can edit them. > > 2. How will the staffing needs page be updated after dropping gorg? > > 3. How secure is the wiki? Do we have regular backups and security > updates procedures in place? I know you're member of the security team > and infra team is doing its job well, but I just wanted to check. > Dynamic web applications arguably have bigger attack surface than > effectively a bunch of static files only editable after you gain server > access. > > Pawe=C5=82 > > > IMHO, the criteria for being able to edit the wiki should be lower than the present requirements on "being a Gentoo Dev". There should still be some degree of vetting, but the risk a person poses being able to make doc updates is significantly less than the risk a person poses by throwing them a CVS bit. I'd be interested in seeing if theres' a way to have "vetted" edits of some kind, ala a patchqueue/pull-merge feature but for wikis, allowing a user to edit a page as they see fit, but the changes are only visible to them until they mark their edits "done" where it can be pushed to a moderation queue for somebody trusted to check over. Because otherwise, I feel you're missing out on the benefits of wiki. A game I play, tribalwars.com, has a wiki, but the purpose of having a wiki is incredibly redundant, because most the documentation there is grossly out of date, and the tribalwars staff (the only people who can edit it) don't edit anything themselves much, and as a result, there are huge chunks of the wiki that are blatantly wrong, and I would edit them if I could, and there is no good reason to suggest my edits would be likely "malevolent" in fixing this, but alas, due to fear of abuse to security, the wiki hugely misses its intended audience and is practically useless, and the rigmarole that is required for any casual user correcting finding a minor flaw is so great, it simply never occurs. --047d7b6da6ac41146d04df4b1ba9 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 16 June 2013 16:01, "Pawe=C5=82 Hajdan, Jr." <phajdan.jr@= gentoo.org> wrote:
On 6/9/13 7:22 AM, Alex Legler wrote:
> I'd appreciate some input on below plan to move project pages to t= he Wiki:

Alex, thanks for working on this! Some feedback:

1. How will the project pages be protected against "unwanted" edi= ts? I
think it's valuable to have some official pages where you know only
Gentoo devs can edit them.

2. How will the staffing needs page be updated after dropping gorg?

3. How secure is the wiki? Do we have regular backups and security
updates procedures in place? I know you're member of the security team<= br> and infra team is doing its job well, but I just wanted to check.
Dynamic web applications arguably have bigger attack surface than
effectively a bunch of static files only editable after you gain server
access.

Pawe=C5=82



IMHO, the criteria for being able to e= dit the wiki should be lower than the present requirements on "being a= Gentoo Dev".

There should still be some degree of vetting, but= the risk a person poses being able to make doc updates is significantly le= ss than the risk a person poses by throwing them a CVS bit.

I'd be interested in seeing if theres' a way to have "vett= ed" edits of some kind, ala a patchqueue/pull-merge feature but for wi= kis, allowing a user to edit a page as they see fit, but the changes are on= ly visible to them until they mark their edits "done" where it ca= n be pushed to a moderation queue for somebody trusted to check over.

Because otherwise, I feel you're missing out on the benefits of wik= i.

A game I play, tribalwars.com, has a wiki, but the purpose of having a wiki is incredibly redundant, b= ecause most the documentation there is grossly out of date, and the tribalw= ars staff (the only people who can edit it) don't edit anything themsel= ves much, and as a result, there are huge chunks of the wiki that are blata= ntly wrong, and I would edit them if I could, and there is no good reason t= o suggest my edits would be likely "malevolent" in fixing this, b= ut alas, due to fear of abuse to security, the wiki hugely misses its inten= ded audience and is practically useless, and the rigmarole that is required= for any casual user correcting finding a minor flaw is so great, it simply= never occurs.


--047d7b6da6ac41146d04df4b1ba9--