".mil" domains fall under the US Military banner which is released under a PD licence, so if it's from "army.mil", it's PD-USArmy, "navy.mil" is PD-USNavy, "marines.mil" is PD-USMarines, etc. All of the US's military branches fall under the ".mil" domain. Why was this not added before?
| Status | Assigned | Task |
|---|---|---|
| Resolved | None | T64820 Allow copy upload files from WMF sites on Wikimedia Commons |
| Resolved | Steinsplitter | T75724 Whitelisting domain for GWToolset |
| Open | None | T60224 Add domains to $wgCopyUploadsDomains (tracking) |
| Declined | Dereckson | T118554 Please add <.mil> to the wgCopyUploadsDomains whitelist of Wikimedia Commons |
No, I'm not. That is saying that we trust every server that hosts any .mil domain website to be non-malicious and not compromised, which I don't currently know enough to assert.
Are .mil domains all governed by the same standards and security team? What are the requirements for setting up a site on a .mil domain?
".mil" domains are run fully by the US Military, a.k.a. the US Department of Defense. It's definitely a secure domain and every information in this domain falls under the PD-USGov branch... it's safe and non-malicious... much more safer than OUR servers, that's for sure...
Hmmm.... that's not really the point but ''every'' is inaccurate. On .mil servers you could find information forwarded by allies, like for example NATO missions. A media is in the public domain if it's a work of a US soldier (or any other US federal government agent), not because it's published on .mil.
There are two concerns in your answer:
- the copyright matter
- the security matter
The copyright matter assertion is the responsibility of the Commons community. If trusted Commons users say "okay, we know what we do, these domains are acceptable because (some rationale)", that's enough. So, and let me put some emphasis on this: from a copyright-only point of view, this request is totally acceptable.
But then, there is the security point of view. To add .mil domains to the whitelist means there is a possibility of direct connection between the Wikimedia network and any .mil server. CSteipp regularly explains that they find the idea of such an open connection rather scary, as it would allow 0-day exploits to be used, on the remote server or on Wikimedia servers (i.e. if a domain isn't in the whitelist, it's more difficult to compromise Wikimedia servers to attack this remote domain).
It's considered acceptable to whitelist discrete and small domains (sometimes it's only one server), because it would be low risk, low impact.
You state "are run fully by the US Military a.k.a, the US Department of Defense". What's the meaning of fully? How do you know that? Do you have a DoD policy to show us? As far as we know, some .mil servers, especially those of smaller bases, could be maintained by hobbyist soldiers.
Some reality checks:
- We currently face an SSL/TLS transition to better (to mitigate and prevent attacks like Heartbleed, POODLE, BEAST). Yet, http://news.netcraft.com/archives/2015/10/26/u-s-military-cyber-security-fails-to-make-the-grade.html shows military domains still use technologies nowadays considered as compromised (I beg to differ with your unsourced statement "it's safe and non-malicious... much more safer than our servers, that's for sure" in regard to this piece of information, some security experts consider it's not)
- Content and operations are managed directly on site for some sites, for example http://allhands.coastguard.dodlive.mil, a WordPress installation using ShareThis and Disqus
- In 2003, the domain registration was publicly accessible to everyone with the URL, indexed by Google: http://www.theregister.co.uk/2003/01/24/dod_offering_admin_privileges/ http://www.slashdot.org/story/03/01/26/1449249/register-your-own-mil-domain
- In 1999, the situation was (i) content first (ii) security after: http://www.washingtonpost.com/wp-srv/national/dotmil/arkin021599.htm
Per Steinsplitter's comment, we can currently use https://tools.wmflabs.org/url2commons/.
Future requests for a specific GLAM or mass upload military project would be acceptable.
But whitelisting the whole TLD doesn't make as much sense as finding a constructive solution to allow upload from everywhere.
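
The difference between whitelisting discrete hosts and whitelisting a whole TLD, as weighed in the thread above, shown as an added example (not part of the original discussion and not MediaWiki's own code). It assumes a `*` wildcard that stands for exactly one DNS label; both allowlists and the sample URLs are constructed, except `allhands.coastguard.dodlive.mil`, which is named in the thread.

```python
from urllib.parse import urlsplit

# Two candidate allowlists (constructed for illustration).
DISCRETE = ["www.navy.mil", "www.army.mil"]      # a few named hosts
WHOLE_TLD = ["*.mil", "*.*.mil", "*.*.*.mil"]    # effectively "anything under .mil"

def host_of(url):
    """Return the lowercased host a fetcher would connect to, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()

def label_match(pattern, host):
    """Assumed semantics: '*' matches exactly one label, label counts must be equal."""
    p, h = pattern.lower().split("."), host.split(".")
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))

def is_allowed(url, allowlist):
    """True only if the parsed host (not the raw string) matches an entry."""
    host = host_of(url)
    return host is not None and any(label_match(p, host) for p in allowlist)

def reachable(urls, allowlist):
    """Distinct hosts the upload servers would be willing to connect to."""
    return sorted({host_of(u) for u in urls if is_allowed(u, allowlist)})

# Constructed sample requests.
SAMPLE_URLS = [
    "https://www.navy.mil/photo.jpg",
    "http://allhands.coastguard.dodlive.mil/files/a.jpg",  # host named in the thread
    "https://smallbase.example.mil/gallery/1.png",         # hypothetical small site
    "https://www.navy.mil@files.example.org/x.jpg",        # userinfo is not the host
    "https://www.navy.mil.example.org/x.jpg",              # suffix is example.org
    "ftp://www.navy.mil/x.jpg",                            # scheme not permitted
]

if __name__ == "__main__":
    for name, allowlist in (("discrete", DISCRETE), ("whole TLD", WHOLE_TLD)):
        print(name, "->", reachable(SAMPLE_URLS, allowlist))
```

With the discrete list the only outbound destination is the one named host; with the TLD-wide list every .mil host in the sample becomes a destination, including sites whose maintenance the requester cannot vouch for.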