[Wikitech-l] Local Development Updates and New Mailing List

[Jeena Huneidi]

Hello Everyone,

TL;DR:
New mailing list for local dev discussion ->
https://lists.wikimedia.org/mailman/listinfo/local-dev
New wiki page for updates ->
https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Local_Dev_Updates

This year’s developer satisfaction survey[0] revealed that many people felt
there wasn’t enough communication around local dev improvement efforts. In
fact, some people didn’t even know that there were any. The following is a
brief history of those efforts and an update on what we have in progress,
as well as some ways for us to communicate and keep informed about the
local development space.

A little under 2 years ago, I took on the task of developing a
container-based development environment for mediawiki and services,
partially since our production deployments are moving in that direction. As
someone who had never done development on Mediawiki and its surrounding
extensions and services, and whose job was not to do that development, this
was (and is) a challenge. Here’s a quick outline of what I, with other
contributors, did since then:

   1. Coded and analyzed the 2019 developer satisfaction survey[1] and did
   one on one interviews with developers to understand the problems faced by
   developers.
  - This research provided insights into areas in and out of the scope
  of local development that probably deserve more attention
   2. Created a prototype in minikube[2]
   - Brennen Bearnes created the dev-images repo to support this work
  - Demonstrated at the Prague Hackathon in 2019
  - Did not generate much interest
  - Confirmed suspicions that kubernetes is not an ideal tool for
  developing
   3. Led local-dev work group meetings
   4. Presented findings and ideas at Tech Conf in 2019[3] with Brennen
   - Together with session attendees, decided to create
  mediawiki-docker[4], a lightweight dev solution for pure mediawiki
  developers.
   - Had another session to attempt to figure out what kinds of services,
  etc, could be grouped together for more complex development environments,
  but didn’t explain this in a way that session attendees understood, and
  they probably left frustrated
   5. Continued work on mediawiki-docker, and a cli[5] to simplify
   repetitive docker commands
  - Kosta Harlan, along with Brennen, Mukunda Modell, and James
  Forrester headed this up
  - Zeljko Fillipin (and a bunch of other people!) worked on
  documentation of setting up a number of extensions to use with
  mediawiki-docker, which indicates some adoption of mediawiki-docker

You can collaborate with us or track our progress by visiting our
phabricator work board[6]. Tasks welcome :)

As a preview, some open tasks are:

   - Command-line wrapper for interacting with core's docker-compose stack -
   https://phabricator.wikimedia.org/T246111
  - Tasks under this task to make the CLI more useful


   - Set up distribution of MediaWiki-Docker CLI -
   https://phabricator.wikimedia.org/T250241
   - Accomplishing this means devs can use cli commands to interact with
  mediawiki-docker without cloning the cli repo and building the project


   - Set up CI for mediawiki-docker -
   https://phabricator.wikimedia.org/T248779
   - So we can avoid regressions

We’re still exploring the best way to manage docker-compose files for
different extensions and services for a more complex development
environment.

To address the concerns about lack of communication in a more consistent
manner, I’d like to introduce a long-overdue way for us to have discussion
on local dev topics through a new local-dev mailing list:
https://lists.wikimedia.org/mailman/listinfo/local-dev. I’ve also created
this wiki page for updates about local-dev:
https://www.mediawiki.org/wiki/Wikimedia_Release_Engineering_Team/Local_Dev_Updates.
Since I’ve recently created this page, there is not much to see there at
the moment.

If you've made it this far, thanks for reading! I hope these changes will
help improve communication and collaboration with everyone who wants to
participate.

[0] https://www.mediawiki.org/wiki/Developer_Satisfaction_Survey/2020
[1] https://www.mediawiki.org/wiki/Developer_Satisfaction_Survey/2019
[2] https://gerrit.wikimedia.org/g/releng/local-charts
[3]
https://docs.google.com/presentation/d/1ZuQGkzXylvJnPSmP4epKjsS7TghXvK99AwXTHdNng4c/edit?usp=sharing,
https://docs.google.com/presentation/d/15a5yxOyPGlOADIQ6D4MmxM7ucvkec2ySpeRv-6p85o4/edit?usp=sharing
[4] https://www.mediawiki.org/wiki/MediaWiki-Docker
[5] https://gerrit.wikimedia.org/g/mediawiki/tools/cli
[6] https://phabricator.wikimedia.org/tag/mediawiki-docker/

-- 
Jeena Huneidi
Software Engineer, Release Engineering
Wikimedia Foundation
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

[Wikitech-l] MediaWiki Extensions and Skins Security Release Supplement (1.31.9/1.34.3/1.35.0)

[Scott Bassett]

Greetings-

With the security/maintenance release of MediaWiki 1.31.9/1.34.3/1.35.0
[0], we would also like to provide this supplementary announcement of
MediaWiki extensions and skins with now-public Phabricator tasks, security
patches and backports [1]:

== MobileFrontend ==
+ (T238075) - Alert group Cookie(s) without HttpOnly flag are set due to
default configuration
< https://gerrit.wikimedia.org/r/q/I8e84f1cbc8878974532b511cebd9de40c5de55c6
>

== MobileFrontend ==
+ (T262213, CVE-2020-26120) - XSS on Pages viewed within MobileFrontend
extension
< https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea
>

== CentralAuth ==
+ (T260485, CVE-2020-25869) - CentralAuth uses wrong actor ID when locally
suppressing the user
< https://gerrit.wikimedia.org/r/q/Iaa886a1824e5a74f4501ca7e28917c780222aac0
>
< https://gerrit.wikimedia.org/r/q/I2336954c665366a99f9995df9b08071d4de6db79
>

== FileImporter ==
+ (T262628, CVE-2020-26121) - FileImporter imports the file even when the
target page is protected on Commons
< https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b
>

The Wikimedia Security Team recommends updating these extensions and/or
skins to the current master branch or relevant, supported release branch
[2] as soon as possible. Some of the referenced Phabricator tasks above
_may_ still be private. Unfortunately, when security issues are reported,
sometimes sensitive information is exposed and since Phabricator is
historical, we cannot make these tasks public without exposing this
sensitive information. If you have any additional questions or concerns
regarding this update, please feel free to contact secur...@wikimedia.org
or file a security task within Phabricator [3].

[0]
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000260.html
[1] https://phabricator.wikimedia.org/T256342
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki.org/wiki/Reporting_security_bugs

-- 
Scott Bassett
sbass...@wikimedia.org
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] GitLab consultation is open!

[Greg Grossmeier]

Hello!

The GitLab consultation 
open discussion period is ending this week
! Please engage
with the discussion on the talk page
; notable topics
include workflows (how best to use a merge request style system) and
inclusion/onboarding.

Given I failed to send out the "1 week left!" reminder last week on
Wednesday, I've extended the official close of discussion

to Friday October 2nd.

After the close of discussion the consultation working group members will
begin our deliberations and creation of summary documentation.

Best,

Greg


On Wed, Sep 2, 2020 at 12:15 PM Greg Grossmeier  wrote:

> Hello all,
>
> I am pleased to announce that the GitLab consultation is now open.
>
> The open discussion period is set to run for 4 weeks, starting today.
>
> Please see the consultation page for all of the details regarding how the
> consultation will work:
> https://www.mediawiki.org/wiki/GitLab_consultation
>
> And the associated talk page where we welcome and encourage your
> engagement:
> https://www.mediawiki.org/wiki/Talk:GitLab_consultation
>
> Thank you,
>
> Greg
>
> --
> | Greg GrossmeierGPG: B2FA 27B1 F7EB D327 6B8E |
> | Dir. Engineering Productivity   A18D 1138 8E47 FAC8 1C7D |
>
>

-- 
| Greg Grossmeier  GPG: B2FA 27B1 F7EB D327 6B8E |
| Dir. Engineering Productivity A18D 1138 8E47 FAC8 1C7D |
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] The Second round of voting for mediawiki logo just started!

[bawolff]

TBH, I was under the impression that the second round was going to be
narrowing down to top contenders (maybe the 3 or so top designs), not
choosing the top contender (I guess that's my fault though, it wasn't
stated anywhere that that was going to be the case or anything). It was
kind of hard to follow the first round with 20 something proposals, with
some of them benefiting from showing up earlier than others, and most of
the votes taking place during the time period where votes were allegedly
not going to count yet. I did notice that some of the people voting had
never previously edited mediawiki.org (Or made very few previous edits). It
kind of feels a little weird to treat this as a "vote" (and not a
"consensus" building exercise) if we don't have eligibility criteria.

I do kind of wish there was a none of the above option. Looking through the
votes, I definitely see some people saying things like "Least bad option",
which is not exactly an inspiring show of support.

--
Brian

On Mon, Sep 28, 2020 at 8:50 AM Amir Sarabadani  wrote:

> Hey,
> The first round was using the standard voting process in wikis (using
> support/oppose and the thresholds like 70%) and this is the way we elect
> admins, checkusers or other user rights, or change policies in Wikis. I
> don't recall that there has ever been anyone elected as admin with below
> 70% or we have ever changed any policies with below 70% (not to mention the
> runner up logos are 56% and 61%, basically for any support, they had an
> opposition). Our logo is similar, no logo except proposal six could reach
> seventy percent and while there were good designs that almost made it but
> clearly none of them has enough support (and percentage of support) to
> reach the next round. That's a pity (one of the runner ups was actually by
> me) but if that's what the community wants, I happily accept it.
>
> The second round has always been
> 
> about different variants of the logos that pass the first round.
>
> HTH
>
> On Mon, Sep 28, 2020 at 9:30 AM Adam Wight 
> wrote:
>
>> Hi, thanks for helping coordinate this process!
>>
>> I have concerns about what happened between round 1 and round 2, it seems
>> that we're no longer left with a real choice.  It's unclear what method was
>> used to tally the round 1
>> 
>> votes, was this a "support percentage"?  Whenever a vote is taken, it's
>> important to stick to democratic norms, basically "one person, one vote".
>> Round 2 is entirely variations on a single proposal, which disenfranchises
>> everyone who didn't prefer that design.  Is it too late to discuss?
>>
>> Kind regards,
>> Adam
>> On 9/25/20 11:42 PM, Amir Sarabadani wrote:
>>
>> Hello,
>> The subject line is self-explanatory, you can go to the voting page
>> 
>> and cast your vote.
>>
>> This is going to continue for a month and it's about different variants
>> of the top contender (different colors, different wordmarks, etc.). You
>> need to order logos based on your preference (the most preferred one first,
>> the least preferred one the last) and then cast your vote. The final winner
>> will be chosen using Schulze method
>> .
>>
>> If you have mistakenly voted in the test phase, you can just copy your
>> vote from the test page
>>  to the
>> actual voting page
>> 
>> (the numbers of logos haven't changed).
>>
>> Special thank you to Chuck Roslof from WMF legal for doing the
>> preliminary clearance of the proposal.
>>
>> Have a nice weekend!
>> --
>> Amir (he/him)
>>
>>
>> ___
>> Wikitech-l mailing 
>> listWikitech-l@lists.wikimedia.orghttps://lists.wikimedia.org/mailman/listinfo/wikitech-l
>>
>> ___
>> Wikitech-l mailing list
>> Wikitech-l@lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>>
>
>
> --
> Amir (he/him)
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] The Second round of voting for mediawiki logo just started!

[Adam Wight]

Hi Amir, thank you for the patient explanation!

Yes, it makes sense now.  I've been thrown off by wiki election math 
(again [1]).


I also happily accept the community consensus even if it endorses a 
circle logo.  But I gently suggest that our vote tally is an 
unconvincing reflection of any consensus.  This isn't a new problem, so 
I don't want to suggest we drag out the logo nomination, but I think it 
gives a good example of why on-wiki democratic machinery is in need of 
reform.


There's a lot to say on the topic, but for now I can give an example of 
a single statistic, that the winning logo has 63 support votes out of 
216 total support votes, or 29% of the total.  That means there are 153 
potentially disenfranchised voters, which is an analysis we should be 
obligated to run.  Were 63 of these 153 also people who voted for the 
winning proposal as well?  (We know that at least 90 did not vote for 
the winner.) Potentially these voters had another much preferred 
favorite? Should we hold a run-off between the winners?  Would a 
ranked-choice tally like Round 1 have given different results? These are 
questions we can't answer without using a better electoral system.


Kind regards,
Adam

[1] https://meta.wikimedia.org/wiki/User:Adamw/Draft/Board_Election_analysis

[2] 216 = 63 + 29+8+13+18+13+4+9+2+6+9+2+25+6+3+6

On 9/28/20 10:25 AM, Amir Sarabadani wrote:

Hey,
The first round was using the standard voting process in wikis (using 
support/oppose and the thresholds like 70%) and this is the way we 
elect admins, checkusers or other user rights, or change policies in 
Wikis. I don't recall that there has ever been anyone elected as admin 
with below 70% or we have ever changed any policies with below 70% 
(not to mention the runner up logos are 56% and 61%, basically for any 
support, they had an opposition). Our logo is similar, no logo except 
proposal six could reach seventy percent and while there were good 
designs that almost made it but clearly none of them has enough 
support (and percentage of support) to reach the next round. That's a 
pity (one of the runner ups was actually by me) but if that's what the 
community wants, I happily accept it.


The second round has always been 
 
about different variants of the logos that pass the first round.


HTH

On Mon, Sep 28, 2020 at 9:30 AM Adam Wight > wrote:


Hi, thanks for helping coordinate this process!

I have concerns about what happened between round 1 and round 2,
it seems that we're no longer left with a real choice.  It's
unclear what method was used to tally the round 1


votes, was this a "support percentage"?  Whenever a vote is taken,
it's important to stick to democratic norms, basically "one
person, one vote".  Round 2 is entirely variations on a single
proposal, which disenfranchises everyone who didn't prefer that
design.  Is it too late to discuss?

Kind regards,
Adam

On 9/25/20 11:42 PM, Amir Sarabadani wrote:

Hello,
The subject line is self-explanatory, you can go to the voting
page


and cast your vote.

This is going to continue for a month and it's about different
variants of the top contender (different colors, different
wordmarks, etc.). You need to order logos based on your
preference (the most preferred one first, the least preferred one
the last) and then cast your vote. The final winner will be
chosen using Schulze method
.

If you have mistakenly voted in the test phase, you can just copy
your vote from the test page
 to
the actual voting page


(the numbers of logos haven't changed).

Special thank you to Chuck Roslof from WMF legal for doing the
preliminary clearance of the proposal.

Have a nice weekend!
-- 
Amir (he/him)



___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org  
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org 
https://lists.wikimedia.org/mailman/listinfo/wikitech-l



--
Amir (he/him)


___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinf

Re: [Wikitech-l] The Second round of voting for mediawiki logo just started!

[Amir Sarabadani]

Hey,
The first round was using the standard voting process in wikis (using
support/oppose and the thresholds like 70%) and this is the way we elect
admins, checkusers or other user rights, or change policies in Wikis. I
don't recall that there has ever been anyone elected as admin with below
70% or we have ever changed any policies with below 70% (not to mention the
runner up logos are 56% and 61%, basically for any support, they had an
opposition). Our logo is similar, no logo except proposal six could reach
seventy percent and while there were good designs that almost made it but
clearly none of them has enough support (and percentage of support) to
reach the next round. That's a pity (one of the runner ups was actually by
me) but if that's what the community wants, I happily accept it.

The second round has always been

about different variants of the logos that pass the first round.

HTH

On Mon, Sep 28, 2020 at 9:30 AM Adam Wight  wrote:

> Hi, thanks for helping coordinate this process!
>
> I have concerns about what happened between round 1 and round 2, it seems
> that we're no longer left with a real choice.  It's unclear what method was
> used to tally the round 1
> 
> votes, was this a "support percentage"?  Whenever a vote is taken, it's
> important to stick to democratic norms, basically "one person, one vote".
> Round 2 is entirely variations on a single proposal, which disenfranchises
> everyone who didn't prefer that design.  Is it too late to discuss?
>
> Kind regards,
> Adam
> On 9/25/20 11:42 PM, Amir Sarabadani wrote:
>
> Hello,
> The subject line is self-explanatory, you can go to the voting page
> 
> and cast your vote.
>
> This is going to continue for a month and it's about different variants of
> the top contender (different colors, different wordmarks, etc.). You need
> to order logos based on your preference (the most preferred one first, the
> least preferred one the last) and then cast your vote. The final winner
> will be chosen using Schulze method
> .
>
> If you have mistakenly voted in the test phase, you can just copy your
> vote from the test page
>  to the
> actual voting page
> 
> (the numbers of logos haven't changed).
>
> Special thank you to Chuck Roslof from WMF legal for doing the preliminary
> clearance of the proposal.
>
> Have a nice weekend!
> --
> Amir (he/him)
>
>
> ___
> Wikitech-l mailing 
> listWikitech-l@lists.wikimedia.orghttps://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>


-- 
Amir (he/him)
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] The Second round of voting for mediawiki logo just started!

[Adam Wight]

Hi, thanks for helping coordinate this process!

I have concerns about what happened between round 1 and round 2, it 
seems that we're no longer left with a real choice.  It's unclear what 
method was used to tally the round 1 
 
votes, was this a "support percentage"?  Whenever a vote is taken, it's 
important to stick to democratic norms, basically "one person, one 
vote".  Round 2 is entirely variations on a single proposal, which 
disenfranchises everyone who didn't prefer that design.  Is it too late 
to discuss?


Kind regards,
Adam

On 9/25/20 11:42 PM, Amir Sarabadani wrote:

Hello,
The subject line is self-explanatory, you can go to the voting page 
 
and cast your vote.


This is going to continue for a month and it's about different 
variants of the top contender (different colors, different wordmarks, 
etc.). You need to order logos based on your preference (the most 
preferred one first, the least preferred one the last) and then cast 
your vote. The final winner will be chosen using Schulze method 
.


If you have mistakenly voted in the test phase, you can just copy your 
vote from the test page 
 to the 
actual voting page 
 
(the numbers of logos haven't changed).


Special thank you to Chuck Roslof from WMF legal for doing the 
preliminary clearance of the proposal.


Have a nice weekend!
--
Amir (he/him)


___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l