On Sun, 27 Feb 2011, Frederik Ramm wrote:

 No, we don't want that really. Anonymous editing is a major part of the
 JOSM concept till now and most important contributions are anonymous or
 not logged in and I spent really a lot of time improving the Trac
 spamfilter to be a usable tool to find potential issues.

 Besides this, Sebastian and I monitor every change afterwards and check if
 they are dangerous or spammy.

I'm not talking about help pages etc., I'm talking about JOSM configuration options that are now in Trac. If we want to allow anonymous edits to them, then I suggest that we should invent something where these things are signed by someone and JOSM only uses them after they have been signed.

I find it unacceptable that someone can inject any imagery source or preset or map style into *every* JOSM instance without even having to log in.

Well. This is not the case. You still need an active user-interaction to activate something. Before you only have a list of installable options.

And this is a common method for a lot of software tools today (one of the major ones being Mozilla Firefox).

 Yes, there will be a time in between, when dangerous stuff can be included,
 but this is a problem with OpenSource in general.

No. In the normal OSM SVN we at least have accountability - if someone uploads something malicious then we know who it was and we can block the account, or at least people know "stuff uploaded by X is not trustworthy".

Well, this is not really a valid argument. You only know a virtual personality. As I already said - when doing malicious code then all of these ways can be used relatively easily. Even getting malicious code into JOSM core is easy and there the restrictions are much higher than for OSM-SVN.

All I'm saying is that I want the same accountability on the JOSM trac *if* JOSM is built in a way to automatically download configuration information from there.

This is wrong. We don't download configuration information. We download extension lists presented to the user to choose from.

If someone downloads a .jar file from somewhere on the net and installs it - their problem. If someone clicks "update plugins" in his out-of-the-box JOSM installation and gets malicious code - our problem. I am not requesting that we find ways to perfectly prevent it, but I think accountability ("user XYZ changed the plugin list on <date>") is absolutely required. Otherwise this *will* be abused sooner or later, and massively reduce the trust users place in JOSM. We must think about these things before they happen. We have a responsibility towards our users that we cannot simply do away with by saying "there are lots of other ways how users can shoot themselves in the foot so why bother if JOSM adds some more".

Sure, there can be abuse in the future. But what I try to tell you is that we can't prevent that at all. To get security we need to constantly watch the current state. Raising the initial barrier means for me personally much more work, as I need to have a much closer look at the new lowest level (the OSM-SVN in this case).

I'm not willing to reduce the openness of JOSM only because of considerations of potential misuse as long as the problem cannot be solved at all. We do our very best to encourage the methods we have a little better under control (like OSM-SVN and Trac) and till now this strategy works fine.

If you think it is necessary, you can add "You are downloading extensions from external sources" in case styles/presets/plugins are installed. But I doubt users really read these texts or react accordingly. At least I myself know nobody who stops doing what he is doing only because the program tells him there is potential danger involved.

Ciao
--
http://www.dstoecker.eu/ (PGP key available)

