Page MenuHomePhabricator

Please add <.mil> to the wgCopyUploadsDomains whitelist of Wikimedia Commons
Closed, DeclinedPublic

Description

".mil" domains fall under the US Military banner which is released under a PD licence, so if its from "army.mil", its PD-USArmy, "navy.mil" is PD-USNavy, "marines.mil" is PD-USMarines etc .. all of US's military branch falls under ".mil" domain ..why was this not added before?

Event Timeline

Stemoc created this task.Nov 13 2015, 10:08 AM
Stemoc assigned this task to zhuyifei1999.
Stemoc raised the priority of this task from to Needs Triage.
Stemoc updated the task description. (Show Details)
Stemoc added a subscriber: Stemoc.
Stemoc set Security to None.
Revent added a subscriber: Revent.Nov 13 2015, 10:16 AM

Per enwp article on .mil the domain is only used for US Military. Should be safe on copyright problems.

Change 252908 had a related patch set uploaded (by Zhuyifei1999):
Add *.mil to server-side upload whitelist

https://gerrit.wikimedia.org/r/252908

Dereckson added subscribers: csteipp, Dereckson.

@csteipp: are you fine with this whitelist entry?

Dereckson triaged this task as Normal priority.Nov 13 2015, 11:06 AM

@csteipp: are you fine with this whitelist entry?

No, I'm not. That is saying that we trust every server that hosts any .mil domain website to be non-malicious and not compromised, which I don't currently know enough to assert.

Are .mil domains all governed by the same standards and security team? What are the requirements for setting up a site on a .mil domain?

".mil" domain are run fully by the US Military a.k.a, the US Department of Defense, Its definitely a secure domain and every information in this domain falls under the PD-USGov branch....its safe and non-malicious..much more safer than OUR severs thats for sure...

I suggest to use https://tools.wmflabs.org/url2commons/index.html
On url2commons *all* domains are allowed.

".mil" domain are run fully by the US Military a.k.a, the US Department of Defense, Its definitely a secure domain and every information in this domain falls under the PD-USGov branch....its safe and non-malicious..much more safer than OUR severs thats for sure...

Hmmm.... that's not really the point but ''every'' is inaccurate. On .mil servers you could find information forwarded by allies, like for example NATO missions. A media is in the public domain if it's a work of an US soldier (or any other US federal government agent), not because it's published on .mil.

There are two concerns in your answer:

  • the copyright matter
  • the security matter

The copyright matter assertion is the responsibility of the Commons community. If trusted Commons users say "okay, we know what we do, these domains are acceptable because (some rationale)", that's enough. So, and let put some emphasis, On a copyright-only point of view, this request is totally acceptable.

But then, there is the security point of view. To add .mil domains to the whitelist means there is a possibility of direct connection between the Wikimedia network and any .mil server. CSteipp explains regularly they found rather scary the idea of such open connection, as it would allow 0 day exploits to be used, on the remote server or on Wikimedia servers (ie if a domain isn't in the whitelist, it's more difficult to compromise Wikimedia servers to attack this remote domain).

It's considered acceptable to whitelist discrete and small domains (sometimes it's only one server), because it would be low risk, low impact.

You state "are run fully by the US Military a.k.a, the US Department of Defense". What's the meaning of fully? How do you know that? Have you a DoD policy to show us? As far as we know, some .mil servers, especially those of smallers bases, could be maintained by hobbyists soldiers.

Some reality checks:

Change 252908 abandoned by Zhuyifei1999:
Add *.mil to server-side upload whitelist

Reason:
Security concerns per phab ticket

https://gerrit.wikimedia.org/r/252908

zhuyifei1999 removed zhuyifei1999 as the assignee of this task.Nov 15 2015, 5:58 AM
zhuyifei1999 added a subscriber: zhuyifei1999.
Dereckson closed this task as Declined.Nov 15 2015, 3:03 PM
Dereckson claimed this task.

Per Steinsplitter comment, we can currently use https://tools.wmflabs.org/url2commons/.

Future requests for a specific GLAM or mass upload military project would be acceptable.

But the whitelisting of all the TLD doesn't make as much sense as to find a constructive solution to allow upload from everywhere.

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptNov 15 2015, 3:03 PM
Yann added a subscriber: Yann.Nov 17 2015, 1:32 PM
Restricted Application added subscribers: Malyacko, JEumerus. · View Herald TranscriptMar 7 2016, 5:03 PM