Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

On Mon, Jun 11, 2018 at 6:26 PM, Nathan wrote: > Is the risk of an attacker taking over an account with CSS/JS edit > permissions any more or less because that person knows how to use CSS/JS? > If the criteria will be that only people who know how to use CSS/JS will > get access to make those

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

Is the risk of an attacker taking over an account with CSS/JS edit permissions any more or less because that person knows how to use CSS/JS? If the criteria will be that only people who know how to use CSS/JS will get access to make those edits, I'm not sure that is perfectly tailored to the need

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

I tend to agree with Steven's comments. I think that requiring review would, as he said, be less costly to implement in terms of the amount of volunteer time spent on managing permissions. I think that there would also be less time spent discussing and redesigning social processes than there

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

On Mon, Jun 11, 2018 at 6:02 PM Steven Walling wrote: > I'm definitely supportive of greater security for sitewide JS/CSS, but > Bart's proposal is an interesting one. (Sorry for top posting, on mobile) > > What if we required review of edits to JS/CSS in the MediaWiki namespace > (not in other

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

Apologies for the typos. Speaking of being thoughtful, perhaps I should be more careful when typing on mobile devices. Pine ( https://meta.wikimedia.org/wiki/User:Pine ) Original message From: Pine W Date: 6/11/18 1:42 PM (GMT-08:00) To: Wikimedia developers Subject: Re:

Re: [Wikitech-l] Wikitech-l Digest, Vol 179, Issue 27

Yaron, By deciding to not allow the coc.md in your extension repositories at gerrit, some people have publicly stated they won't contribute. You choose a position, others have decided it's not worth the trouble. If you updated your readme.md to be hostile, that is your own fault and would be

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

Hi Gergő, I think that your proposal makes sense and would be good for the community to consider in an RfC. Because this could involve complex wikilegal changes to how Wikimedia sites assign user permissions, and presently unforseen side effects, I think that the RfC should be translated into a

[Wikitech-l] Discovery Weekly Update for the week starting 2018-06-04

Howdy, Here's the weekly update from the Search Platform team. As always, feedback and questions welcome. == Discussions == === Search === * After lots of talk about stemmers getting committed and plugins getting deployed, the Slovak-language wikis have finally been *reindexed*, and stemming

Re: [Wikitech-l] Gerrit as a shared community space

Moriel Schottlender wrote: > In the gerrit commit that started this thing, you, yourself, publicly wrote > this: > > *"The Site Settings extension uses a bunch of WMF tools and services for > its development, including hosting. If some random person sends me a patch > for Site Settings by email,

Re: [Wikitech-l] Gerrit as a shared community space

Heh, an apology here, my autocorrect "fixed" your name, Yaron. I apologize for that and should have caught it. ... The trouble of multilingual corrections. Moriel On Mon, Jun 11, 2018, 11:37 AM Moriel Schottlender < mschottlen...@wikimedia.org> wrote: > I'm not going to get into the minutia and

Re: [Wikitech-l] Gerrit as a shared community space

I'm not going to get into the minutia and details of how the code of conduct is or isn't good to work in your repo, that's a separate discussion that I won't participate in by choice right now. I am simply pointing out that your own points made a declaration about how working in the space you are

[Wikitech-l] Escaping wikitext to JSON-valid string in templates

Hello everyone, I am having trouble escaping and displaying wikitext in a way that is JSON-safe. I did some research but none of the provided MagicWords/ParserFUnctions/etc seem to be suited for this purpose. Please refer to my gitLab snippet to see the

Re: [Wikitech-l] Gerrit as a shared community space

Hi, Moriel Schottlender wrote: > Quite frankly, I don't blame people who regularly experience harassment > online to avoid spaces where the code of conduct is consciously only > enforced in parts of the space. > I, too, don't feel comfortable in joining that space, even for considering >

Re: [Wikitech-l] Making PolyGerrit the default ui for gerrit

The date to switch the default ui is next monday (18/06/18) which will give users plenty of time to give there opinion. Users can still switch back to the old ui just the new ui is secure. https://phabricator.wikimedia.org/T196812#4273184 On Monday, 11 June 2018, 13:38:20 BST, Paladox

Re: [Wikitech-l] Gerrit as a shared community space

This isn't about not wanting that file in (which is a discussion that should happen) -- this is about what you, yourself, said, about how interactions are working in your repo. That's where people decide whether they want to work in your repo or not. They hear about the expectations in that space,

Re: [Wikitech-l] Gerrit as a shared community space

Hi, Moriel Schottlender wrote: > This isn't a personal attack, it's a consequence to your earlier email. > > You stated yourself, that one of the reasons you don't think a COC.md file > should exist in your repository is because not all interactions are covered > by it. While that might be

Re: [Wikitech-l] Can/should my extensions be deleted from the Wikimedia Git repository?

Gergo Tisza wrote: > I'd still like the understand what the assumed harm is. Is this strictly a > moral issue, where you want to avoid giving misleading information, but > otherwise that information would be harmless? Or a liability issue, where > your clients think that working on / using a

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

I'm definitely supportive of greater security for sitewide JS/CSS, but Bart's proposal is an interesting one. (Sorry for top posting, on mobile) What if we required review of edits to JS/CSS in the MediaWiki namespace (not in other namespaces), ala pending changes or something similar? We require

Re: [Wikitech-l] Gerrit as a shared community space

Yaron, On Sun, Jun 10, 2018 at 8:35 PM Yaron Koren wrote: > This looks to me like a violation of the Code of Conduct. I don't want to > cause more drama in this discussion, especially since it seems like a sort > of consensus has formed and we can all move on, but I do find it disturbing > that

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

" I remember a situation when I posted a fix for a script in the MediaWiki namespace as an {{edit request}}, and a well-meaning administrator tried to "improve" my line of code and forgot a comma, breaking all JavaScript for all logged-in as well as not logged-in Wikipedia editors and readers for

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

Speaking of security, I believe that all sysops and people allowed to edit JS / CSS anywhere on mediawiki sites should be required to use 2FA. On Mon, Jun 11, 2018 at 4:53 PM, Gergo Tisza wrote: > On Mon, Jun 11, 2018 at 3:28 PM Petr Bena wrote: > >> Is there any historical evidence that sysops

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

On Mon, Jun 11, 2018 at 3:28 PM Petr Bena wrote: > Is there any historical evidence that sysops being able to edit JS / > CSS caused some serious issues? Your point that "most of > administrators don't understand JS / CSS" is kind of moot. They are > usually trustworth and intelligent people.

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

OK in that case I think this should be done. On Mon, Jun 11, 2018 at 3:40 PM, Thiemo Kreuz wrote: >> Is there any historical evidence that sysops being able to edit JS / CSS >> caused some serious issues? > > Oh yes, this happens more often than I feel it needs to. I remember a > situation when

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

> Is there any historical evidence that sysops being able to edit JS / CSS > caused some serious issues? Oh yes, this happens more often than I feel it needs to. I remember a situation when I posted a fix for a script in the MediaWiki:… namespace as an {{edit request}}, and a well-meaning

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

On 2018-06-11 15:28, Petr Bena wrote: Is there any historical evidence that sysops being able to edit JS / CSS caused some serious issues? Your point that "most of administrators don't understand JS / CSS" is kind of moot. They are usually trustworth and intelligent people. They don't mess up

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

Is there any historical evidence that sysops being able to edit JS / CSS caused some serious issues? Your point that "most of administrators don't understand JS / CSS" is kind of moot. They are usually trustworth and intelligent people. They don't mess up with something they don't understand and

[Wikitech-l] Making PolyGerrit the default ui for gerrit

Hi, i have created this task [1] with i have uploaded this patch [2] to make polygerrit the default ui. The reason why is upstream are preparing to remove the gwtui very soon. In matter of fact upstream have disabled the gwtui on *.googlesource.com. Upstream already have this change [3] to

[Wikitech-l] Please comment on the draft consultation for splitting the admin role

Hi all, per the discussion on Phabricator, I'd like to split the administrator ("sysop") user group into two parts - one which can edit sitewide CSS/JS, and one which can not. You can find the details and detailed rationale in the task: https://phabricator.wikimedia.org/T190015 To inform the

Re: [Wikitech-l] Can/should my extensions be deleted from the Wikimedia Git repository?

On Fri, Jun 8, 2018 at 3:44 PM Yaron Koren wrote: > I suppose that one solution which hasn't been discussed yet is to change > the wording of that file so that it says something more defensible, like > "This extension is hosted on facilities governed by the Code of Conduct", > or that kind of