Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Gergő Tisza
On Tue, Jun 12, 2018 at 8:56 AM Federico Leva (Nemo) wrote: > Personally I'd like us to explore agnostic and non-invasive solutions. > Mandatory code review (especially with a required waiting time) and mandatory reauthentication are far more invasive than removing JS editing permissions from

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Federico Leva (Nemo)
Personally I'd like us to explore agnostic and non-invasive solutions. The subdivision of permissions across more user groups relies on a number of assumptions which may not hold. For instance, on thousands of MediaWiki wikis there's only one sysop anyway. Something I would like is the

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Gergő Tisza
On Tue, Jun 12, 2018 at 3:26 AM Nathan wrote: > Is the risk of an attacker taking over an account with CSS/JS edit > permissions any more or less because that person knows how to use CSS/JS? > I tried to address this in the FAQ: > * The number of accounts which can be used to compromise the

Re: [Wikitech-l] [MediaWiki-l] git review warnings

2018-06-12 Thread Martin Urbanec
Sending a copy to wikitech-l, because this is a little bit more generic than "just" MediaWiki. Hello, the first one means you have something in /etc/git-review/git-review.conf, which is probably unneeded. I suggest you to delete that file. On my system, it doesn't exist. The second one is

[Wikitech-l] Wednesday: Technical Advice IRC Meeting

2018-06-12 Thread Michael Schönitzer
Sorry for cross-posting! Reminder: Technical Advice IRC meeting again **tomorrow, Wednesday 3-4 pm UTC** on #wikimedia-tech. The Technical Advice IRC meeting is open for all volunteer developers, topics and questions. This can be anything from "how to get started" over "who would be the best

Re: [Wikitech-l] Please comment on the draft consultation for splitting the admin role

2018-06-12 Thread Pine W
Regarding "Mandatory code review (especially with a required waiting time) and mandatory reauthentication are far more invasive than removing JS editing permissions from administrators who don't want them.": I think that mandatory code review and mandatory authentication would be far less

Re: [Wikitech-l] Can/should my extensions be deleted from the Wikimedia Git repository?

2018-06-12 Thread Chad
On Fri, Jun 8, 2018 at 12:19 AM MZMcBride wrote: > Yaron Koren wrote: > >That's how it went until two days ago, when Antoine Musso submitted a > >patch for my Site Settings extension (I don't know why that one > >specifically), re-adding the file. I rejected the patch, on the same > >grounds as

Re: [Wikitech-l] Can/should my extensions be deleted from the Wikimedia Git repository?

2018-06-12 Thread Chad
On Fri, Jun 8, 2018 at 7:02 AM Alex Monk wrote: > I think Gerrit admin permissions were abused to remove the review > > https://gerrit.wikimedia.org/r/Documentation/access-control.html#category_remove_reviewer Anyone who is a project owner on mediawiki/* could have done it, it had nothing to do

Re: [Wikitech-l] [MediaWiki-l] git review warnings

2018-06-12 Thread Chad
On Tue, Jun 12, 2018 at 5:03 AM Martin Urbanec wrote: > The second one is caused by Gerrit update. Upstream kept refs/publish/* > working, because they know git-review is using that ref. I think that as > soon as git-review developers fixes this and you will upgrade, the warning > will

Re: [Wikitech-l] Making PolyGerrit the default ui for gerrit

2018-06-12 Thread Paladox
We will have to change the date to friday as  no ops will be around next week (from monday) for there offsite. On Monday, 11 June 2018, 18:55:59 BST, Paladox wrote: The date to switch the default ui is next monday (18/06/18) which will give users plenty of time to give there

Re: [Wikitech-l] Making PolyGerrit the default ui for gerrit

2018-06-12 Thread Paladox
Delaying until after the sre offsite. On Tuesday, 12 June 2018, 17:42:02 BST, Paladox wrote: We will have to change the date to friday as  no ops will be around next week (from monday) for there offsite. On Monday, 11 June 2018, 18:55:59 BST, Paladox wrote: The date to