Thanks, Dan... I was going to ask about that, too. I don't understand well enough what is and isn't visible in the API, but I will say that if the API is linking an action (i.e., suppression) to a user (i.e. the specific oversighter) I *do* have a problem with it; we've had experience in the past with people actively harassing oversighters because of legitimate suppressions they've carried out, and perhaps this is exactly how they've found out it was Oversighter A who did that particular suppression.
Risker/Anne On 9 December 2014 at 14:01, Dan Garry <[email protected]> wrote: > Speaking from my experience as an oversighter, I find it a bit strange that > when you oversight something, information that is hidden in the UI is not > hidden in the API. That notwithstanding, there is nothing particularly > private about the information that is shown in the API only (i.e. the type > of the action), but I found it strange. > > I also find it strange that the fact that this information is still > available via the API is not mentioned in the interface. I've been an > oversighter for many, many years, and I never knew that this information > could be retrieved via the API. > > Personally, I prefer the way things are after Chris's change. It makes the > UI and API more consistent with each other. > > That said, given that there is no particularly private information given > out in the API response, I don't think it's worth complaining about Brad's > patch. It's not the way I'd prefer it to be, but it doesn't personally > strike me as overtly incorrect or as causing any real problems. > > Dan > > On 1 December 2014 at 17:30, Chris Steipp <[email protected]> wrote: > > > Hi list, > > > > I wanted to get some feedback about > > https://phabricator.wikimedia.org/T74222. > > In the last security release, I changed the return of the api to remove > the > > "action" for log entries that had been revdeleted with "Hide action and > > target". However, ever since 2009 / r46917, we've assumed that "Hide > action > > and target" didn't mean the actual action field in the db, but rather the > > target and the text of the message about the action, which might include > > other parameters. So the message about what's being hidden and the > intended > > protection of that option could have slightly different interpretations. > > > > I'd like to hear if anyone has intended for the actual log action to be > > deleted / suppressed. If not, I'm happy to revert the recent patch, and > > we'll just update the wording in the deletion UI to be more clear about > > what is being removed. > > _______________________________________________ > > Wikitech-l mailing list > > [email protected] > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > > > -- > Dan Garry > Associate Product Manager, Mobile Apps > Wikimedia Foundation > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
