jeblad added a comment.
Note that "click 'sign this' icon next to a statement" imply a fundamentally insecure and broken process. You don't sign something after it is uploaded, you sign it before and while it is still on your own machine. The JSON code snippet should be signed, and then a provenance for the statement including that snippet should be provided. If something is signed _after_ it is uploaded, then we will be spanked by security researchers. :) TASK DETAIL https://phabricator.wikimedia.org/T138708 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: jeblad Cc: jeblad, CalebMoses, Fliptrail, Cirdan, Salgo60, AndrewSu, Mineo, Hjfocs, Scott_WorldUnivAndSch, Jan_Dittrich, RazShuty, Joshi-Jay-31, srishakatux, Jonas, rosalieper, EddyAfful, BamLifa, MichaelSchoenitzer, psinghal20, Nikhil-nk, Liuxinyu970226, BVershbow_WMF, PDrouin-WMF, Astinson, Ramsey-WMF, Quoth, Daniel_Mietchen, Tpt, Glorian_Yapinus, Micru, Jane023, DarTar, Abbe98, I9606, YULdigitalpreservation, Tallerone, abian, Scott_WUaS, johl, jayvdb, tfmorris, Spinster, TomT0m, Denny, Eloquence, JanZerebecki, T.seppelt, Aklapper, daniel, Zppix, Lydia_Pintscher, alaa_wmde, Dinadineke, Nandana, tabish.shaikh91, Lahi, Gq86, GoranSMilovanovic, Soteriaspace, Jayprakash12345, JakeTheDeveloper, QZanden, merbst, LawExplorer, _jensen, Wikidata-bugs, aude, TheDJ, Mbch331
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
