On Mon, 2005-19-12 at 22:14 +0530, Rahul Sundaram wrote:
> >Am I the only person here who has had ANY security training at all?
> >
> >There are a lot of people out there who wish to do harm to anything they
> >can - or at the very least send us crap about viagra and cialis.
> >
> >We need to stop being naive and act accordingly.
> >
> If someone happens to deface or spam a few non central wiki pages, how
> does that affect security?
* Any system that is world-writable is implicitly less secure than
a system that isn't.
* Generally, you have to have the visibility and dedication of a
project the size of the Wikipedia to achieve the level where
noise to contribution ratio reaches sensible levels. I've seen a
number of open-source projects where wikis were completely
unusable due to spam and defacements.
* Nobody perusing a project like Wikipedia is going to use it for
something other than for the purposes of trivia and personal
curiosity -- your doctor is not going to print out the article
on Gall_bladder before your surgery appointment. On the other
hand, Fedora's wiki /must/ be a repository of documents that are
reliable enough for a panicking sysadmin to refer to in the case
of time-pressing system failure. When your system doesn't boot,
you don't want to have to worry if the advice proffered on the
documentation site was put there by a bored joker, or whether
"cat /dev/zero > /dev/hda" is really going to fix your
bootloader issues (professional driver on a closed course, don't
try this at home, etc, etc).
* Lastly, is there a problem in the first place? Or are we just
idly mulling over potential benefits of an all-open system vs.
selective system? Is the current solution not working?
Regards,
--
Konstantin Ryabitsev
McGill University WSG
Mal: (to Simon) "If I ever kill you, you'll be awake, you'll be facing
me, and you'll be armed."
