[josm-dev] Mandatory login for JOSM wiki

Frederik Ramm frederik at remote.org
Sun Feb 27 11:21:57 GMT 2011 

Hi,

Dirk Stöcker wrote:
> Well, you assume that OSM-SVN is much better than external plugins.

In OSM SVN, if someone uploads malicious code, at least we know who it 
was. We can block the account. They will have difficulty repeating that.

As things are with JOSM trac, someone can change the address and version 
of a popular plugin to his malicious code, and the malicious plugin will 
automatically find its way onto the harddisks of JOSM users everywhere. 
And we wouldn't even know who it was, and we wouldn't be able to prevent 
them from doing it again.

This is not new - I know that. But it is a change that came gradually 
and nobody ever raised a warning. In the beginning we just had a plugin 
list that people could look at, and click on a link to download 
something. Later we parsed the list automatically, and now we're even 
doing so in regular intervals. In my eyes this is asking for trouble, 
and a security policy of "some developers usually look at the changes in 
regular intervals" is not sufficient - *especially* if the concept is 
gradually being rolled out to cover numerous other aspects of JOSM.

> Most plugins started external and after the first issues with version 
> changes we convinced authors to use SVN in future :-) So instead of 
> forbidding (which I never like) I try to provide additional features as 
> encouragement and it seems this works good.

Plugins in SVN are ok; people requesting an SVN account at least have to 
go past an admin and tell us their email address. It's completely 
un-traceable anonymous config changes making their ways onto the hard 
disks of JOSM users that I object to.

> I don't think it necessary to get stricter rules at all. In case we have 
> trouble, we may change our policy, but as long as everything is fine we 
> should be as open as possible.

A good idea in principle but there are limits to that. If we have 
accountability then we can probably live without stricter rules.

> For example our bug tracker does not need registration, which is very 
> seldom nowadays. This means we have to care a lot more about SPAM and 
> also it means we get a lot of reports

Yes, the bug tracker not requiring login is definitely a plus. But not 
requiring login for publishing something to all JOSM users, without them 
even knowing, is something entirely different.

> So the same for plugins. Our open policy caused a lot of plugins 
> introducing new features and attracted new developers. I don't want to 
> change this without a real reason.

Yeah, let's not get too distracted. This is not about stricter rules. 
It's just about making sure that if config changes are made that affect 
JOSM users, these config changes should not come from anonymous users. 
Or else, if we don't want to do that, then we must at least invent 
something that shields JOSM users from it - say, have a default mode in 
JOSM that is "only accept configuration updates from registered JOSM 
contributors" vs. "accept anonymous configuration updates from 
everyone", with the default being option 1.

Bye
Frederik

-- 
Frederik Ramm  ##  eMail frederik at remote.org  ##  N49°00'09" E008°23'33"

More information about the josm-dev mailing list