Sentiment: The discussion reflects general agreement to move from the current domain to an alternative containing “Wikimedia”. The reason expressed by the promoters of this change is that the domain must reflect an official Wikimedia site. On the other hand, many users don’t seem bothered by the current domain now that the Forum is filled with Wikimedia participants and content. *.wikimedia.org options have been discouraged by the Wikimedia Site Reliability Engineering team as long as this Forum is hosted on a third-party server. We are still in the brainstorming phase. No alternative names to “Movement Strategy Forum” have been proposed.
Neutral - Using a wikimedia.org domain involves a security trade-off that should be analyzed by our security experts.
Critical - The domain should include “wikimedia” to show it is a trustable and official site where the usual privacy and safety/anti-harassment promises of the movement apply.
Critical - “MS Forum” sounds like an antiquated Microsoft product,
while .org TLD sounds like it is formalized as an NGO.
Critical - .org is misleading because identifies an organization, and “Movement Strategy” is not one.
It doesn’t make sense that we’re hogging this generic domain. We should release it so that it can be used by someone who develops the thinking about movement strategies in general. (Even if no one is queuing for it we should set it free.) Let’s just use one of the many good domains we have. In my opinion, this should be at strategy.wikimedia.org/forum
Thank you for this feedback. Let me share some background first.
We wanted to have a community review with a real site that people could use to better understand what is being proposed. The site (this forum) needed a name and a URL. This is why we went for the simplest and fastest route:
Pick the most basic name we could think of: “Movement Strategy Forum”. Leave any alternative suggestions to the community review.
Pick a domain that we can easily set up for this review and throw away if a better alternative is agreed upon during the review (or if the review ends up shutting down this forum).
One reason why we didn’t use it for this community review is that it saved us a trademark hop. If the forum is here to stay, the trademark check is not a problem.
About using [something].wikimedia.org, when we casually asked our Site Reliability Engineering colleagues, the technical discussion about the architecture of domains and security considerations ended up being more complex than I expected. This too partially depends on the community review.
Well, depends. We have discussed this idea a bit in our team. Touching the resolution might be easy but then we need to find a destiny for that wiki. URL change or archive it for good, both options mean work, also broken links that someone might complain about.
This makes things more complicated from a technical point of view. Discourse is designed to work on a subdomain (i.e. forum.etc.org). It can work on a domain with some tweaks (ourforum.org). Running it on a directory (as you suggest) is not supported, probably a technical pain to make it work and (I’m not a security expert but) probably a way to expose it to more vulnerabilities.
Point taken! However, note that as long as the name of this space has 23 characters, people will find ways to shorten it up. So… should we keep this name, get away with “MS Forum” for casual use, or find an alternative?
Using a wikimedia.org domain involves a security trade-off - the domain hierarchy is used by web browsers as a trust boundary, so code running on e.g. strategy.wikimedia.org can to some extent interact with code running on meta.wikimedia.org (or login.wikimedia.org etc). The extent of it is relatively minor, but it does make some attacks easier. If this site is considered less trusted than our MediaWiki sites (either because we consider Discourse to be less secure than MediaWiki or because the site is administered by an external contractor), that could reduce the security of our main sites somewhat.
On the other hand, a *.wikimedia.org site makes it very clear to the user that this is an official site of the Wikimedia movement, where the usual privacy and safety/anti-harassment promises of the movement apply.
If this site is so much less secure that this was a serious consideration we should immediately add big red warning signs in the site header and follow up all invitations that have been sent with warning messages. I don’t think we should use platforms or contractors we don’t trust regardless of the domain name.
This type of structure (which yesterday I learned it is called 4th level domain) is technically possible, yes.
This is not what @Tgr said. The idea is general for web security and not specific to this site: vulnerabilities in a subdomain may extend to the domain and to other subdomains, and this is a good reason to think it twice before mixing different applications under the same domain.
Discourse is a well maintained software that releases updates basically every month and especially highlights security updates. This forum is hosted in the server of the company leading the development of Discourse, and we get the security patches and other updates as soon as they are released.
I agree, and we trust this platform and this contractor. They have gone through the security and legal review process common to all our deployments of third party software. This is explained in this topic pinned to ensure that anyone interested doesn’t miss it: User privacy considerations in this forum.
We can safely go back to the discussion about names and domains.
My (admittedly not so well-informed) assumption is that this site is somewhat less secure than Wikipedia, but then “less secure than a top 10 website” really isn’t saying much. Security is always a tradeoff between cost and risk; Wikipedia being breached is high risk (and at least somewhat high reward for the hacker given the huge readership), a discussion forum being breached is low risk (and low reward), so it’s totally fine if its security is merely high and not very high. As long as it doesn’t risk Wikipedia’s security, which would be something to consider in the case of a shared domain. The risk might be small enough to be acceptable, and I’m certainly no expert on it; all I’m trying to say is that using a *.wikimedia.org domain is not the no-brainer decision one might think it is.
The first post contains a summary of the discussion so far. The top post is editable, and anyone can contribute to improving it. We will try to update it on a weekly basis in conjunction with the community review weekly reports.
Offhand I also like forum.wikimedia.org, so I added it to the list at the top. Is there some reason that we would e.g. want a different forum for strategy vs any other movement-wide topic?
It doesn’t really matter because all publicly-editable Wikimedia wikis share their login system, and the system of user scripts means that any kind of account takeover can easily be turned into Javascript injection. If you have broken into one Wikimedia wiki, you have broken into all of them.