Third-party resources policy

From Meta, a Wikimedia project coordination wiki
This page is a translated version of the page Third-party resources policy and the translation is 35% complete.

Purpose

Wikimedia users can use user scripts, gadgets, or stylesheets to extend the functionality of Wikimedia sites. Sometimes those tools interact with and share data between the user and computer resources that are not on Wikimedia servers: third-party resources. This has sometimes led to account compromise and privacy problems. Although the Wikimedia Foundation's Terms of Use prohibit disclosing the private information of others,[1][2] and further state that the Foundation does not endorse or monitor third-party resources,[3] in order to give Wikimedia users better privacy, this policy complements the Foundation's Terms of Use by covering the following areas:

  • Risks related to user scripts and gadgets loading third-party resources
  • Best practices for script developers and gadget developers
  • Administrative and technical measures to enforce best practices
  • Particular conditions that may warrant exemptions

Definitions

The following definitions apply to this policy:

  • Third-party resources: third-party resources are computer resources located somewhere other than the Wikimedia production websites.[4] They may include, but are not limited to: scripts, style sheets, image and font files, and JSON/JSONP data.
  • Users: visitors and editors of Wikimedia websites.
  • Personal information: any data collected by a tool that could be used to personally identify you. For a full definition, please refer to the Wikimedia Foundation's Privacy Policy.

Scope

This third-party resources policy applies to user scripts and gadgets through which users interact with computer resources located outside the Wikimedia production websites. This may include appearance user scripts, editing tools, or anti-vandalism tools, to name a few, as long as those gadgets and user scripts use third-party resources.

Risks

Information security

When a gadget or user script loads a third-party resource, it enables that resource to disseminate data about the user on the Wikimedia site. Although not all third-party resources are malicious, some of their owners may use them for various malicious purposes. For example, loading third-party resources can lead to cross-site scripting (XSS) attacks, where the loaded resource can extract cookies, session tokens, or other sensitive information from end-users. Moreover, because the Wikimedia Foundation has no control over those platforms, the personal data they collect could be exposed unknowingly, handed over to local authorities, or shared with other parties without the authorisation of the users or the Foundation.

User privacy and safety

A gadget or user script that loads a third-party resource does more than connect to that resource. A gadget or user script that connects to third-party resources can also share information about end-users, including the device they use, their browsing information, and their location. This affects authorised gadgets on Wikimedia platforms, especially since the data sharing can happen without anyone noticing. In addition, if the third-party resource has tracking behaviour, users of any gadget or script that loads it can be monitored without their permission or against their wishes, for monetary, surveillance, or other unwanted purposes.

Required precautions

Avoid loading third-party resources

Gadgets and user scripts should not load third-party resources. Developers of such tools should audit their code to make sure it does not include any remote network connection (e.g. HTTP, WebSocket) to third-party resources.
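One way to support the code audit described above is a static scan of the script source for URLs whose host lies outside Wikimedia production. This is an added example, not part of the policy or of MediaWiki; the domain allowlist, the function names and the sample script are assumptions made for illustration.

```javascript
// Assumed allowlist of Wikimedia production domain suffixes (illustrative,
// not an official list taken from the policy).
const ALLOWED_SUFFIXES = ['wikipedia.org', 'wikimedia.org', 'mediawiki.org', 'wikidata.org'];

// True when host is an allowed domain or a subdomain of one.
// Matching on a label boundary keeps "evilwikipedia.org" out.
function isProductionHost(host) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return ALLOWED_SUFFIXES.some((s) => h === s || h.endsWith('.' + s));
}

// Find absolute and protocol-relative URLs (http, https, ws, wss) in script
// source and return those whose host is outside the allowlist.
function findThirdPartyUrls(source) {
  const urlPattern = /(?:(?:https?|wss?):)?\/\/[a-z0-9-]+(?:\.[a-z0-9-]+)+[^\s'"`)<>\\]*/gi;
  const findings = [];
  source.split('\n').forEach((line, i) => {
    for (const match of line.matchAll(urlPattern)) {
      let url;
      try {
        // Protocol-relative URLs are resolved against an https base; the URL
        // parser also handles "user@host" tricks in the authority part.
        url = new URL(match[0], 'https://meta.wikimedia.org/');
      } catch (e) {
        continue; // not parseable as a URL
      }
      if (!isProductionHost(url.hostname)) {
        findings.push({ line: i + 1, url: match[0], host: url.hostname });
      }
    }
  });
  return findings;
}

// Constructed sample user script (hosts and page names are made up).
const SAMPLE = [
  "mw.loader.load('https://en.wikipedia.org/w/index.php?title=User:Example/x.js&action=raw');",
  "$.getJSON('//api.thirdparty.example/data.json');",
  "new WebSocket('wss://evilwikipedia.org/feed');",
  "var img = 'https://wikimedia.org@tracker.example/p.png'; // constructed",
].join('\n');

console.log(findThirdPartyUrls(SAMPLE));
```

The scan is static, so URLs assembled at runtime from string fragments are not detected and still need manual review.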

Consider alternative scripts

Where appropriate, gadget and user script developers can use existing resources on Wikimedia servers instead. By default, MediaWiki comes with many scripts or modules. Before considering any third-party resource, developers can check whether a MediaWiki module or script exists that provides the functionality they need. When you want to reuse or modify an existing script of this kind, it is also good practice to follow the general guidelines on tool development and key pain points such as error handling and code organisation.

Exemptions

Opt-in exemption granted by users

By default, gadgets and userscripts are not allowed to load non-production resources. However, users can authorize some gadgets and userscripts to load third-party resources. In this case, users must opt-in — give their informed consent before using those specific gadgets and userscripts. While it is expected that users must express their consent through a flow similar to OAuth authorization, the practical implementation of this opt-in mechanism is purposely not written in detail in this policy. Instead, the opt-in exemption principle is referenced here to support the practical implementation once it is in place.[5]

Additional transparency requirements

Although users' consent is required, a third-party resource must also meet a number of transparency conditions before being embedded in gadgets and userscripts. To be exempted, an external resource must:

  • Have its source code public and referenced at Third-party resources policy/Noticeboard, alongside an up-to-date description of the personal information processed, and a point of contact for raising issues. This will help ensure public scrutiny and some auditability of the resource.
  • If the third-party resource is hosted on Wikimedia Cloud Services (WMCS), its code should comply with WMCS terms of use. Also, its code must be inspectable — the WMCS resource developer must ensure that the code hosted on WMCS is human-readable, except for configuration files containing credentials. This will ensure that automated code scanning and other auditing mechanisms can be carried out for better security and privacy.

Enforcement

If the use of third-party resources results in the violation of this policy, two sets of actions can help safeguard the privacy of end-users: manual removal and automated disabling.

Manual removal

Manual removal involves a direct intervention by Wikimedia users.

If you hold sufficient permissions and come across a gadget or user script which violates this policy, you can proceed to blank the page and notify its author with a message on their talk page. If you are unsure whether you should remove the gadget or user script, please report it to an Administrator or Steward or send an email to the Foundation’s Security team (security-team[at]wikimedia.org).

Automated disabling through CSP

Automated disabling involves disabling at the software or server level with no direct human intervention. In the current policy, automated disabling takes the form of Content Security Policy (CSP). CSP is a layer of security within the MediaWiki software which can prevent the loading of third-party resources. Currently, this feature does not block any third-party resources but is only enabled in report-only mode on some Wikimedia projects.[6] However, there are ongoing discussions to set CSP to enforce on all Wikimedia projects at some point in the future. Once it is in effect, CSP will also enforce this policy and bar user scripts and gadgets from loading third-party resources in production, unless those are covered by this policy's exemptions.


  1. Art 4 of the Foundation's Terms of Use, https://foundation.wikimedia.org/wiki/Terms_of_Use/en#4._Refraining_from_Certain_Activities
  2. The Wikimedia Foundation’s Privacy Policy does not cover how third parties handle the information they receive. See What This Privacy Policy Does & Doesn't Cover section of the Privacy Policy
  3. Art 9 of the Foundation's Terms of Use, https://foundation.wikimedia.org/wiki/Terms_of_Use/en#9._Third-party_Websites_and_Resources
  4. The term "production" has traditionally been used to identify core projects, technical sites, Foundation websites, and a number of Wikimedia community sites. See Complete list of Wikimedia projects/ig.
  5. It is worth noting that an opt-in exemption based on CSP was proposed in the past, see https://phabricator.wikimedia.org/T208188
  6. MediaWiki's CSP is enabled in report-only mode for group0 wikis, outreachwiki and small wikis. It doesn't block any external resources anywhere EXCEPT for the CentralNotice banner previews