Sorry for cross-posting!
Reminder: Technical Advice IRC meeting again **tomorrow, Wednesday 3-4 pm
UTC** on #wikimedia-tech.
The Technical Advice IRC meeting is open for all volunteer developers,
topics and questions. This can be anything from "how to get started" over
"who would be the best cont
Regarding "Mandatory code review (especially with a required waiting time) and
mandatory reauthentication are far more invasive than removing JS editing
permissions from administrators who don't want them.": I think that mandatory
code review and mandatory authentication would be far less costly
Delaying until after the sre offsite.
On Tuesday, 12 June 2018, 17:42:02 BST, Paladox
wrote:
We will have to change the date to friday as no ops will be around next week
(from monday) for there offsite.
On Monday, 11 June 2018, 18:55:59 BST, Paladox
wrote:
The date to swi
We will have to change the date to friday as no ops will be around next week
(from monday) for there offsite.
On Monday, 11 June 2018, 18:55:59 BST, Paladox
wrote:
The date to switch the default ui is next monday (18/06/18) which will give
users plenty of time to give there opinion.
On Tue, Jun 12, 2018 at 5:03 AM Martin Urbanec
wrote:
> The second one is caused by Gerrit update. Upstream kept refs/publish/*
> working, because they know git-review is using that ref. I think that as
> soon as git-review developers fixes this and you will upgrade, the warning
> will disappear.
On Fri, Jun 8, 2018 at 7:02 AM Alex Monk wrote:
> I think Gerrit admin permissions were abused to remove the review
>
>
https://gerrit.wikimedia.org/r/Documentation/access-control.html#category_remove_reviewer
Anyone who is a project owner on mediawiki/* could have done it, it had
nothing
to do
On Fri, Jun 8, 2018 at 12:19 AM MZMcBride wrote:
> Yaron Koren wrote:
> >That's how it went until two days ago, when Antoine Musso submitted a
> >patch for my Site Settings extension (I don't know why that one
> >specifically), re-adding the file. I rejected the patch, on the same
> >grounds as b
On Tue, Jun 12, 2018 at 8:56 AM Federico Leva (Nemo)
wrote:
> Personally I'd like us to explore agnostic and non-invasive solutions.
>
Mandatory code review (especially with a required waiting time) and
mandatory reauthentication are far more invasive than removing JS editing
permissions from ad
On Tue, Jun 12, 2018 at 3:26 AM Nathan wrote:
> Is the risk of an attacker taking over an account with CSS/JS edit
> permissions any more or less because that person knows how to use CSS/JS?
>
I tried to address this in the FAQ:
> * The number of accounts which can be used to compromise the site
Sending a copy to wikitech-l, because this is a little bit more generic
than "just" MediaWiki.
Hello,
the first one means you have something in /etc/git-review/git-review.conf,
which is probably unneeded. I suggest you to delete that file. On my
system, it doesn't exist.
The second one is caused
10 matches
Mail list logo