[wiki] Third party untrusted code instructions

[Robie Basak]

Hi Paddy and Doug,

On Tue, Nov 20, 2018 at 04:02:05PM +0000, Paddy Landau wrote:
> Someone volunteered to put the three scripts onto GIT, but unfortunately it
> has not as yet happened.
> 
> If you, or anyone else reading this, would be willing to volunteer to put
> the scripts into GIT, I would be thrilled.

FWIW, any Launchpad user or team can store git repositories. Under
https://code.launchpad.net/~ubuntu-wiki-editors, for example.

> > It is effectively a third party alternate installer. I welcome efforts
> > like these, but I don't think they should be presented as "instructions"
> > or "documentation" without making it clear that the user is relying on
> > the trust of an entire third party program.
> 
> Would expanding the current disclaimer a bit and putting it on every
> page, not just the main parent page be adequate?

I think the disclaimer as-is explains that the responsible party to the
community wiki maintainers (and not Ubuntu official) adequately. But I
think that the link as it is right now shifts the responsibility out of
the domain of Ubuntu by relying on a third party account whose ownership
isn't clear.

How about a general policy that any links of this nature are always to a
git repository owned and managed by ~ubuntu-wiki-editors? Then control,
audit and responsibility would remain solely within the team that
already is in charge of the wiki, but hopefully it won't block this type
of useful work.

Then to start with the scripts can be pushed to git under
~ubuntu-wiki-editors as-is, and the links updated accordingly. Hopefully
that's a way forward.

This would address most of my concerns. I still don't like the idea that
the documention is directing users to run this code, but perhaps that
can be left for another time. (I suppose what bugs me about this over
documentation pointing to third party sources is that
~ubuntu-wiki-editors is left as the maintainer of code for which the
team generally has no expertise).

Robie