[Labs-l] Ensure your MediaWiki install is either locked-down or properly patrolled

Andrew Bogott abogott at wikimedia.org
Wed Oct 3 17:33:45 UTC 2012


On 10/3/12 12:15 PM, Ryan Lane wrote:
> On Wed, Oct 3, 2012 at 7:49 AM, Andrew Bogott <abogott at wikimedia.org> wrote:
>> On 10/2/12 7:46 PM, Ryan Lane wrote:
>>> We've had some issues with really bad vandalism on some public
>>> instances that have MediaWiki installed in such a way that allows
>>> anonymous editing.
>> I've recently modified role::mediawiki-install::labs to automatically
>> install the Nuke, SpamBlacklist and ConfirmEdit extensions.  I welcome
>> suggestions abou
>>
> We should likely default MediaWiki installs to require login to edit,
> and restrict account creation by default:
>
> # Only sysops can create new accounts.
> $wgGroupPermissions['*']['createaccount'] = false;
>
> # Anons can't edit
> $wgGroupPermissions['*']['edit'] = false;
I'll see about adding those.  The downside is that puppetizing 
restrictions like this means that admins pretty much can't turn them 
off, even for well-considered reasons.  Is there any established puppet 
pattern for overriding Puppet's inclination to refresh files?  (I can 
imagine something like having a non-puppetized file that includes a 
puppetized default file or something along those lines... but nothing 
elegant.)

-A
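
The pattern floated in the message above (an unmanaged file that includes a Puppet-managed defaults file), sketched as an added example that is not part of the original thread or of role::mediawiki-install::labs. The class name, install path and file names are hypothetical, and it assumes LocalSettings.php ends with a `require_once` of local-overrides.php; `replace => false` is the standard file attribute that tells Puppet to create a file only if it is absent.

```puppet
# Added illustration; class name, path and file names are hypothetical.
class mediawiki_lockdown (
  $install_path = '/srv/mediawiki'
) {
  # Puppet-owned defaults: rewritten on every run, so the locked-down
  # baseline cannot drift without Puppet putting it back.
  file { "${install_path}/puppet-defaults.php":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0444',
    content => "<?php
# Managed by Puppet; local edits to this file are overwritten.
# Only sysops can create new accounts.
\$wgGroupPermissions['*']['createaccount'] = false;
# Anons can't edit
\$wgGroupPermissions['*']['edit'] = false;
",
  }

  # Admin-owned overrides: seeded once, then never refreshed because of
  # replace => false. It pulls in the managed defaults first, so anything
  # an admin adds below the require_once line takes precedence.
  file { "${install_path}/local-overrides.php":
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    replace => false,
    content => "<?php
require_once __DIR__ . '/puppet-defaults.php';
# Deliberate local overrides go below this line.
",
    require => File["${install_path}/puppet-defaults.php"],
  }
}
```

With this layout any loosening of the defaults lives in one small file, so reviewing local-overrides.php shows exactly which instances have opted out of the lock-down.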



