Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [MediaWiki-announce] [ConfirmEdit][ReCaptcha] Call-to-Action: ReCaptcha module will be removed in the near future

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [MediaWiki-announce] [ConfirmEdit][ReCaptcha] Call-to-Action: ReCaptcha module will be removed in the near future


Chronologisch Thread 
  • From: "Florian Schmidt" <florian.schmidt.welzow AT t-online.de>
  • To: <mediawiki-announce AT lists.wikimedia.org>, <wikitech-l AT lists.wikimedia.org>
  • Subject: [IT-SecNots] [MediaWiki-announce] [ConfirmEdit][ReCaptcha] Call-to-Action: ReCaptcha module will be removed in the near future
  • Date: Thu, 4 Aug 2016 22:58:44 +0200
  • Authentication-results: mail.intern.piratenpartei.de (MFA); dkim=pass (1024-bit key) header.d=lists.wikimedia.org
  • List-archive: <https://lists.wikimedia.org/pipermail/mediawiki-announce/>
  • List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>

Hi all together,



first of all: If you don't use ConfirmEdit with the ReCaptcha (NOT the
ReCaptchaNoCaptcha) module, you can STOP reading here :)



TL;DR

Please upgrade to the ReCaptchaNoCaptcha module to use a supported version
in the future and please respond to [1], if you've an opinion about the
deprecation/removal plan(s).



Long version:

As you may know, ConfirmEdit[2] (the MediaWiki extension that helps you to
fight against spam) supports different CAPTCHA modules, such as a
MathCaptcha (where the user has to solve a math problem) or QuestyCaptcha
(where the user has to answer a pre-defined question). Another module is
Google's ReCaptcha[3][4], in both versions, the old v1 and the newer v2
(also called NoCaptcha). In December 2014, Google announced a new version of
the ReCaptcha CAPTCHA-service, called ReCaptcha NoCaptcha (or ReCaptcha v2).
ConfirmEdit currently supports both versions, as Google did the same until
recently. Now, as you can read on the FAQ page of ReCaptcha[5], Google
stopped supporting the v1 of ReCaptcha. This means, that no new features are
developed and that new keys registered for ReCaptcha will work with the new
version 2 only. This let me come to the conclusion, that ReCaptcha v1 will
not be supported by Google at all anymore in the near future. In order of
this, we should ask our self, how long we want to support the old ReCaptcha
module in ConfirmEdit (which, compared to the NoCaptcha module, _seems_ to
be less effective). The mid-term plan is clear: remove the old ReCaptcha
module. Now there are two ways to achieve this:



* Deprecate the old reCaptcha in Version 1.27 of MediaWiki (would be a
so called backport) and remove it in the upcoming 1.28 release
* Deprecate the old reCaptcha in the upcoming Version 1.28 of
MediaWiki and remove it:

* in MediaWiki 1.29 or
* when Google doesn't support the old reCaptcha anymore



Because this is a huge problem for existing third-party wikis (and because
we don't have any usage statistics), I'm not sure, which plan we should
choose. That's why I sent this e-mail out, to get (hopefully) some responses
and opinions.



So, the call-to-Action: If you still use the old ReCaptcha module, please
plan to upgrade to the new version 2 of ReCaptcha as soon as possible and
let us know (the best way is a comment in the task[1]), if you need the old
ReCaptcha version supported as long as Google supports it, or if you're fine
with removing it in the upcoming 1.28 release of MediaWiki.



To be absolutely clear: The ReCaptcha module will be removed, the only
question is when: in MediaWiki 1.28 or in MediaWiki 1.29.



If you've any questions, feel free to answer to this e-mail, add a comment
to the linked task, contact me in IRC or write me an e-mail (if you need a
private conversation).



Thanks for your attention and for using ConfirmEdit!



Best,

Florian



[1] https://phabricator.wikimedia.org/T142133

[2] https://www.mediawiki.org/wiki/Extension:ConfirmEdit

[3] https://en.wikipedia.org/wiki/ReCAPTCHA

[4] https://www.google.com/recaptcha/intro/index.html

[5] https://developers.google.com/recaptcha/docs/faq



_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce


  • [IT-SecNots] [MediaWiki-announce] [ConfirmEdit][ReCaptcha] Call-to-Action: ReCaptcha module will be removed in the near future, Florian Schmidt, 05.08.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang