On Mon, Jun 11, 2018 at 6:02 PM Steven Walling <steven.wall...@gmail.com> wrote:

> I'm definitely supportive of greater security for sitewide JS/CSS, but
> Bart's proposal is an interesting one. (Sorry for top posting, on mobile)
> What if we required review of edits to JS/CSS in the MediaWiki namespace
> (not in other namespaces), à la pending changes or something similar? We
> require code review in Gerrit, so why not sitewide code in the wiki?
> I propose this because if we split code editing rights into a separate
> userright, this entails increased process bloat for managing who and who
> doesn't get the right, the criteria for deciding that, and so on. Requiring
> code review would allow for more flexibility while increasing security. It
> would require less process bloat too because the community already has
> mechanisms for requesting edits be confirmed via talk pages and such.

That's a good way to improve security, but orthogonal to separating
permissions (it would probably mean that an attacker would have to find two
vulnerable accounts, while this change will reduce the pool of accounts an
attacker could target; both make attacks harder, in different ways). No
reason not to do both, but separating permissions is (relatively) easy and
a review system is more like something on the scale of FlaggedRevs.

If you are interested, https://phabricator.wikimedia.org/T71445 has plenty
of discussion on code review for gadgets;
https://phabricator.wikimedia.org/T187749 is a variant of it I'm working on.
Wikitech-l mailing list
