[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2020-05-26 Thread Bugreporter
Bugreporter added a comment. In https://www.wikidata.org/wiki/Wikidata:Property_proposal/approval_of_subject, it is proposed that an agreement may be appended in a signature. For example, when a explicit waiver of right to privacy is needed and explicitly agreenment for any reuse of

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2020-02-04 Thread jeblad
jeblad added a comment. In my opinion, this signing of a hash of an extract of an already uploaded statement seems extremely hackish. I still believe this should be reconsidered. Anyhow, SHA-1 is completly broken. Schneier reported it was theoretically broken in 2005 SHA-1 Broken

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-06-27 Thread Addshore
Addshore added a comment. It sounds like there are some differences being discussed above regarding signing of edits / revisions as they are made Vs signing of statements that are already saved. The story described in this ticket is the latter, and can be done without the former.

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-12 Thread jeblad
jeblad added a comment. Note that there are several options to do PGP/GPG signing and encryption in the browser. One example in Javacript is OpenPGP.js , but it is probably better to use Web Cryptography API if available. (It is

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-12 Thread jeblad
jeblad added a comment. Sorry, but this is not the way you should do it. This assumes the uploader in fact reads and understands the schema (s)he is signing, but that newer works. It is also insecure as it opens a man in the middle attack. If you want to do this, please use known secure

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-12 Thread daniel
daniel added a comment. In T138708#5017062 , @jeblad wrote: > Note that "click 'sign this' icon next to a statement" imply a fundamentally insecure and broken process. You don't sign something after it is uploaded, you sign it before

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-12 Thread jeblad
jeblad added a comment. Note that "click 'sign this' icon next to a statement" imply a fundamentally insecure and broken process. You don't sign something after it is uploaded, you sign it before and while it is still on your own machine. The JSON code snippet should be signed, and then a

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-12 Thread CalebMoses
CalebMoses added a comment. ok I see thanks for the reply. TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: CalebMoses Cc: CalebMoses, Fliptrail, Cirdan, Salgo60, AndrewSu, Mineo, Hjfocs,

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-10 Thread Lydia_Pintscher
Lydia_Pintscher added a comment. Unfortunately I can't find a mentor for this this time around. I am very sorry :( TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Lydia_Pintscher Cc:

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-08 Thread CalebMoses
CalebMoses added a comment. @Lydia_Pintscher Hello please can I have some guidance or micro-tasks about this project? TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: CalebMoses Cc:

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-03-05 Thread CalebMoses
CalebMoses added a comment. Hello!!! please i have been studying this 2019 GSoc project and I will like to get some micro tasks or guide for this project TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-02-20 Thread Lydia_Pintscher
Lydia_Pintscher added a comment. I'm so sorry! Only saw your ping now. I'd love to have a chat with you. Can you send me an email at lydia.pintsc...@wikimedia.de so we don't clutter up the ticket here?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-02-20 Thread Fliptrail
Fliptrail added a comment. Any updates @Lydia_Pintscher ?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: FliptrailCc: Fliptrail, Cirdan, Salgo60, AndrewSu, Mineo, Hjfocs, Scott_WorldUnivAndSch, Jan_Dittrich,

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-02-16 Thread Fliptrail
Fliptrail added a comment. In T138708#4945106, @Fliptrail wrote: This looks interesting to me. I would like to work on this during GSoC 19 period if possible. Any microtasks or approach for which someone can guide me? Anyone?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2019-02-11 Thread Fliptrail
Fliptrail added a comment. This looks interesting to me. I would like to work on this during GSoC 19 period if possible. Any microtasks or approach for which someone can guide me?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2018-03-20 Thread Lydia_Pintscher
Lydia_Pintscher added a comment. In T138708#4059063, @Joshi-Jay-31 wrote: We are not concerned about data getting altered during the transmission, by the man in the middle or something. That means the receiver is supposed to hash the document again at its side and verify it against the supplied

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2018-03-18 Thread Joshi-Jay-31
Joshi-Jay-31 added a comment. I have gone through "signed document mockup" shared above and I have the following picture in my mind please correct me where i am wrong, We are not concerned about data getting altered during the transmission, by the man in the middle or something. That means the

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2018-03-14 Thread srishakatux
srishakatux added a comment. This message is for students interested in working on this project for #gsoc2018 Student application deadline is March 27 16:00 UTC. If you have questions about eligibility, please read the GSoC rules thoroughly here https://summerofcode.withgoogle.com/rules/.

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2018-03-05 Thread Lydia_Pintscher
Lydia_Pintscher added a comment. Hey @AdityaJ Great to hear you are interested in the project. I think as a first step it would be great if you install Wikibase and get it running.TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2018-03-02 Thread AdityaJ
AdityaJ added a comment. Hi All, Can I know what are the microtasks for this project?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: AdityaJCc: AdityaJ, Jonas, rosalieper, EddyAfful, BamLifa,

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-12-16 Thread Glorian_Yapinus
Glorian_Yapinus added a comment. To get a better picture of what should be developed in this task, I have created a mockup for this. You can find the mockup below F5070845: Signed Statements Mockup.odp Please be aware to the presentation note I have put on some slides which explains the

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-08-22 Thread jayvdb
jayvdb added a comment. We want to enable institutions and people to sign statements in order to say that they indeed state what is in the statement. Isnt that a recipe for wikibase being used as a primary source repository? Or is the goal to store verification that a statement correctly

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-08-21 Thread abian
abian added a comment. I find better to sign references, and not statements. The idea would be to say "I've checked out this reference and I ensure that this reference is real and consistent with these data", as Wikidata is a secondary database. We could continue signing references like "stated

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-06 Thread JanZerebecki
JanZerebecki added a comment. The cryptography part specifies a technical solution. What is the reason or goal that lead you to specify it?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: JanZerebeckiCc:

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-06 Thread daniel
daniel added a comment. In T138708#2429401, @JanZerebecki wrote: What is the difference between a and b? On the technical side, for (a) we might want to restrict who can sign, using a whitelist or a permission. Or we say we only allow signing with keys we (the community?) trust. The main

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-05 Thread JanZerebecki
JanZerebecki added a comment. What is the difference between a and b?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: JanZerebeckiCc: jayvdb, Scott_WUaS, tfmorris, Spinster, TomT0m, Denny, Eloquence,

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-05 Thread daniel
daniel added a comment. In T138708#2428831, @JanZerebecki wrote: What is the goal here? a) enabling an authority to cryptographically assert that a given statement is derived from and consistent with their data. b) enabling anyone to cryptographically assert that a given statement is derived

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-05 Thread JanZerebecki
JanZerebecki added a comment. What is the goal here?TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: JanZerebeckiCc: jayvdb, Scott_WUaS, tfmorris, Spinster, TomT0m, Denny, Eloquence, JanZerebecki, T.seppelt,

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-05 Thread daniel
daniel added a comment. In T138708#2427828, @JanZerebecki wrote: By normalizing the serialization of the statement of the revision in which the signature was added. That makes it impossible to detach it, i.e. signatures need to be in the items. That limits the amount of signatures that are

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-04 Thread JanZerebecki
JanZerebecki added a comment. In T138708#2426549, @daniel wrote: In T138708#2424766, @JanZerebecki wrote: Why use a sha1 instead of inlining the normalized serialization in the text to sign? Because that doubles the size of the serialization of a statement. Would that part need to be stored?

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-04 Thread daniel
daniel added a comment. In T138708#2426913, @JanZerebecki wrote: Why omit the revision ID of the predicate/property? In T138708#2426549, @daniel wrote: In T138708#2424766, @JanZerebecki wrote: Why use a sha1 instead of inlining the normalized serialization in the text to sign? Because that

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-04 Thread JanZerebecki
JanZerebecki added a comment. Why omit the revision ID of the predicate/property? In T138708#2426549, @daniel wrote: In T138708#2424766, @JanZerebecki wrote: Why use a sha1 instead of inlining the normalized serialization in the text to sign? Because that doubles the size of the serialization

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-04 Thread daniel
daniel added a comment. In T138708#2424766, @JanZerebecki wrote: Why use a sha1 instead of inlining the normalized serialization in the text to sign? Because that doubles the size of the serialization of a statement. Why add the current date and time? For completeness. It's nice to know when

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-03 Thread JanZerebecki
JanZerebecki added a comment. Interesting, maybe this can lead to a distributed truthy bubble (see [:w:en:Filter bubble]), where the user can chose instead of someone else. We might want to get #MediaWiki-extensions-WikibaseQualityExternalValidation done first. Should really any user be able to

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-02 Thread T.seppelt
T.seppelt added a comment. This is a great idea, also considering that many Wikipedia users argue that Wikidata isn't vandalism-proof enough. Some things: Should really any user be able to sign statements? I think it would be good to define a new user group which holds the right to do this. In

[Wikidata-bugs] [Maniphest] [Commented On] T138708: [Epic] Signed statements

2016-07-02 Thread Spinster
Spinster added a comment. Great idea. When you are at the point where this needs testing by external partners, I'll be happy to help approach some.TASK DETAILhttps://phabricator.wikimedia.org/T138708EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: SpinsterCc: