Steps to Reproduce: View source of a mediawiki installation
Actual Results: Shows MW version
Expected Results: Do not show version or provide an easy way not to have it displayed.
Description
Description
Event Timeline
Comment Actions
MW makes it very visible in numerous places. So just hiding it in one place does not make any sense
Comment Actions
I don't think it would be useless. It would remove it from the source of millions of pages and require from anyone who wants to know the version an extra step and knowledge of the software, rather than simply viewing source.
Comment Actions
If they want to know, they would be able to find out trivially. It's not going to stop them if they're determined enough.
Comment Actions
The point of security is making things harder to people (or bots) with malicious intent. That said, I am not against changing Special:Version. At the very least, it should not be accessible (or some of its critical information) to non-logged in users.
Security is hardly a trivial matter. Wikimedia may have professionals in charge of this, but there are thousands of outdated installations out there (with known vulnerabilities), and giving anyone access to the exact version just by examining the source is handing them valuable information on a platter.
Comment Actions
If they're running old outdated, unpatched installations, fixing it in newer versions doesn't help if they're never going to upgrade anyway
https://en.wikipedia.org/wiki/Security_through_obscurity
Security through obscurity (or security by obscurity) is the reliance in security engineering on design or implementation secrecy as the main method of providing security to a system or component. Security experts have rejected this view as far back as 1851, and advise that obscurity should never be the only security mechanism.
Most wikis allow free and open signup. So you're adding a minor hurdle that, again, is not going to stop them if they're determined enough.
Comment Actions
Oh, and Special:Version also gives credit to all of our active developers, which has a social importance which shouldn't be underestimated.
Comment Actions
If the version wasn't available directly, one could just as easily try to use a feature that was introduced in version x, and based on whether the feature exists or not will know whether the version is before x or not. If sites are using outdated and unsupported version of mediawiki with known vulnerabilities, obscuring the version info doesn't address the underlying vulnerabilities. Per above, it is useful to be able to find the version.