Makes no sense to me to exclude data from these tables that is already available through MediaWiki API. Why would you hide "gender" here when it is accessible through something like [1]?
Of course, we should make sure only to allow gender to be accessible in Labs DB if it is public (if private, you won't get it through API either). But to remove it from Labs and claim it to be a security issue is shortsighted. Either also convince this to be removed from API, or allow it on Labs DB, IMHO. [1] https://en.wikipedia.org/w/api.php?action=query&list=users&ususers=Catrope&usprop=blockinfo|groups|editcount|registration|emailable|gender On Wed, Nov 30, 2016 at 9:45 AM, Chase Pettet <[email protected]> wrote: > Hi Jonathan, > > My working assumption is if either party has a substantial objection to > revealing data it will not be disclosed. Both have their own independent > reasoning process and discernment on the risk of the same PII. Two "Yes's" > is a "Yes", but one "No" is always a "No" and all that. > > Cheers, > > Chase Pettet > > On Tue, Nov 29, 2016 at 1:09 PM, Jonathan Morgan <[email protected]> > wrote: > >> Out of curiosity (not snark), who has final say on these matters: >> Security, or Legal? >> >> - J >> >> On Tue, Nov 29, 2016 at 8:17 AM, Chase Pettet <[email protected]> >> wrote: >> >>> Hey Marc (how's it going?) >>> >>> Bugzilla 58196 became https://phabricator.wikimedia.org/T60196 >>> >>> Thanks for calling that out, I didn't know some of the backstory. >>> >>> Members of the Security team made the call on removal and I will let >>> them speak for themselves on rationale. At the moment, the task for this is >>> protected by policy (due to the mentioned privacy concerns) >>> https://phabricator.wikimedia.org/T150679 but I believe you are able to >>> access it to engage with questions. >>> >>> >>> On Tue, Nov 29, 2016 at 10:09 AM, Marc-Andre <[email protected]> wrote: >>> >>>> Hey Chase, >>>> >>>> On 2016-11-28 03:02 PM, Chase Pettet wrote: >>>> >>>> On review, these properties have been deemed sensitive by our security >>>> folks: >>>> >>>> user_properties: language, skin, timecorrection, varient >>>> >>>> >>>> Perhaps "our security folk" should make up their mind? >>>> >>>> That list was specifically approved by legal as okay. See >>>> https://phabricator.wikimedia.org/T66115 and the (long, involved) >>>> prior discussion leading to it at bz 58196 (did we keep an archive of >>>> those)? >>>> >>>> -- Coren / Marc >>>> >>>> >>>> _______________________________________________ >>>> Labs-announce mailing list >>>> [email protected] >>>> https://lists.wikimedia.org/mailman/listinfo/labs-announce >>>> >>>> >>> >>> >>> -- >>> Chase Pettet >>> Engineering Manager -- Labs >>> chasemp on phabricator <https://phabricator.wikimedia.org/p/chasemp/> >>> and IRC >>> >>> _______________________________________________ >>> Labs-announce mailing list >>> [email protected] >>> https://lists.wikimedia.org/mailman/listinfo/labs-announce >>> >>> >> >> >> -- >> Jonathan T. Morgan >> Senior Design Researcher >> Wikimedia Foundation >> User:Jmorgan (WMF) <https://meta.wikimedia.org/wiki/User:Jmorgan_(WMF)> >> >> >> _______________________________________________ >> Labs-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/labs-l >> >> > > > -- > Chase Pettet > Engineering Manager -- Labs > chasemp on phabricator <https://phabricator.wikimedia.org/p/chasemp/> and > IRC > > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l > >
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
