[josm-dev] Mandatory login for JOSM wiki
Frederik Ramm
frederik at remote.org
Sun Feb 27 11:21:57 GMT 2011
Hi,
Dirk Stöcker wrote:
> Well, you assume that OSM-SVN is much better than external plugins.
In OSM SVN, if someone uploads malicious code, at least we know who it
was. We can block the account. They will have difficulty repeating that.
As things are with JOSM trac, someone can change the address and version
of a popular plugin to his malicious code, and the malicious plugin will
automatically find its way onto the hard disks of JOSM users everywhere.
And we wouldn't even know who it was, and we wouldn't be able to prevent
them from doing it again.
This is not new - I know that. But it is a change that came gradually
and nobody ever raised a warning. In the beginning we just had a plugin
list that people could look at, and click on a link to download
something. Later we parsed the list automatically, and now we're even
doing so in regular intervals. In my eyes this is asking for trouble,
and a security policy of "some developers usually look at the changes in
regular intervals" is not sufficient - *especially* if the concept is
gradually being rolled out to cover numerous other aspects of JOSM.
> Most plugins started external and after the first issues with version
> changes we convinced authors to use SVN in future :-) So instead of
> forbidding (which I never like) I try to provide additional features as
> encouragement and it seems this works well.
Plugins in SVN are ok; people requesting an SVN account at least have to
go past an admin and tell us their email address. It's completely
untraceable anonymous config changes making their way onto the hard
disks of JOSM users that I object to.
> I don't think it's necessary to get stricter rules at all. In case we have
> trouble, we may change our policy, but as long as everything is fine we
> should be as open as possible.
A good idea in principle but there are limits to that. If we have
accountability then we can probably live without stricter rules.
> For example our bug tracker does not need registration, which is very
> rare nowadays. This means we have to care a lot more about SPAM and
> also it means we get a lot of reports
Yes, the bug tracker not requiring login is definitely a plus. But not
requiring login for publishing something to all JOSM users, without them
even knowing, is something entirely different.
> So the same for plugins. Our open policy caused a lot of plugins
> introducing new features and attracted new developers. I don't want to
> change this without a real reason.
Yeah, let's not get too distracted. This is not about stricter rules.
It's just about making sure that if config changes are made that affect
JOSM users, these config changes should not come from anonymous users.
Or else, if we don't want to do that, then we must at least invent
something that shields JOSM users from it - say, have a default mode in
JOSM that is "only accept configuration updates from registered JOSM
contributors" vs. "accept anonymous configuration updates from
everyone", with the default being option 1.
Bye
Frederik
--
Frederik Ramm ## eMail frederik at remote.org ## N49°00'09" E008°23'33"
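An added example, not part of this message or of JOSM's own code: a Python sketch of the default mode proposed above ("only accept configuration updates from registered JOSM contributors"), applied to a constructed plugin-list format (name, version, download URL, wiki editor). The list format, the editor field and the set of registered contributors are assumptions; a held entry falls back to the last trusted one so a repointed address or version from an anonymous edit never reaches the client.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PluginEntry:
    """One line of the (constructed, hypothetical) plugin list a client parses."""
    name: str
    version: str
    url: str
    editor: Optional[str]  # wiki account that last changed the entry; None = anonymous

def merge_plugin_list(old, new, registered, accept_anonymous=False):
    """Decide which entries of a freshly parsed list the client may act on.
    An entry is accepted if it is unchanged from the last trusted list or its
    last editor is a registered contributor; accept_anonymous=True is the opt-in
    "accept updates from everyone" mode. Returns (effective_list, held), where
    held is a list of (entry, reason) and each held entry is replaced by its
    previously trusted version when one exists."""
    old_by_name = {e.name: e for e in old}
    effective, held = [], []
    for entry in new:
        prev = old_by_name.get(entry.name)
        unchanged = prev is not None and (prev.version, prev.url) == (entry.version, entry.url)
        if entry.editor is None:
            trusted, reason = accept_anonymous, "anonymous edit"
        else:
            trusted = accept_anonymous or entry.editor in registered
            reason = f"editor {entry.editor!r} is not a registered contributor"
        if unchanged or trusted:
            effective.append(entry)
            continue
        held.append((entry, reason))
        if prev is not None:
            effective.append(prev)  # keep the last trusted address and version
    return effective, held

# Constructed sample data: the trusted list from the previous run, and a new one
# in which an anonymous edit has repointed a popular plugin to another host.
OLD_LIST = [PluginEntry("mapstyle", "1.2", "https://plugins.example.org/mapstyle-1.2.jar", "alice")]
NEW_LIST = [
    PluginEntry("mapstyle", "1.3", "https://downloads.example.net/mapstyle-1.3.jar", None),
    PluginEntry("tracer", "0.4", "https://plugins.example.org/tracer-0.4.jar", "bob"),
]
REGISTERED = {"alice", "bob"}

if __name__ == "__main__":
    effective, held = merge_plugin_list(OLD_LIST, NEW_LIST, REGISTERED)
    for entry, reason in held:
        print(f"held {entry.name} {entry.version} from {entry.url}: {reason}")
    print("effective:", [(e.name, e.version, e.url) for e in effective])
```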