Re: Why are we blocking some addresses any access to the wiki?
Hello, On 29/04/2020 15:17, Steve McIntyre wrote: >>> No one disagrees so I will contact the upstream developers on github >>> to know if they are interested by such feature. If so, I will try to >>> implement it. The main developer is not convinced by the idea: https://github.com/moinwiki/moin/issues/1004 > We already have a small set of patches applied to upstream 1.9 > for the Debian package that we're also using for wiki.d.o. I doubt it's interesting to maintain such patch for Debian only. We could modify the content displayed when the user gets a 403 error. It does not fix the problem but the user will get an explanation. I hope it would be a better experience for the user and less requests on debian-www. In Moin v.1.9, the 'description' attribute of the 'Forbidden' class seems to be right place: https://github.com/moinwiki/moin-1.9/blob/38a81aa826ee76fe9fd96413e2a660f1e39914dc/MoinMoin/support/werkzeug/exceptions.py#L316 What do you think about this workaround? Regards, Stéphane signature.asc Description: OpenPGP digital signature
Re: Why are we blocking some addresses any access to the wiki?
Hey folks, Apologies for not responding sooner... On Tue, Apr 28, 2020 at 08:34:43PM -0400, Calum McConnell wrote: >> No one disagrees so I will contact the upstream developers on github >> to know if they are interested by such feature. If so, I will try to >> implement it. > >Upstream is currently rewriting moinmoin for python3: however, the new >release (moin2) is (in their words) nowhere near production-ready. As >such, the version debian uses (and will likely continue to use) is >their 1.9 branch: which I believe they have stated is no longer >receiving feature updates. > >Here is their response to an issue I filed asking for a status update >on moin2. >https://github.com/moinwiki/moin/issues/941 > >In short, implementing this may require forking from the 1.9 branch. Yup. We already have a small set of patches applied to upstream 1.9 for the Debian package that we're also using for wiki.d.o. -- Steve McIntyre, Cambridge, UK.st...@einval.com 'There is some grim amusement in watching Pence try to run the typical "politician in the middle of a natural disaster" playbook, however incompetently, while Trump scribbles all over it in crayon and eats some of the pages.' -- Russ Allbery
Re: Why are we blocking some addresses any access to the wiki?
> No one disagrees so I will contact the upstream developers on github > to know if they are interested by such feature. If so, I will try to > implement it. Upstream is currently rewriting moinmoin for python3: however, the new release (moin2) is (in their words) nowhere near production-ready. As such, the version debian uses (and will likely continue to use) is their 1.9 branch: which I believe they have stated is no longer receiving feature updates. Here is their response to an issue I filed asking for a status update on moin2. https://github.com/moinwiki/moin/issues/941 In short, implementing this may require forking from the 1.9 branch. signature.asc Description: This is a digitally signed message part
Re: Why are we blocking some addresses any access to the wiki?
On 22/04/2020 18:55, Stéphane Blondon wrote: > I see an implementation by listing forbidden IPs in Config.hosts_deny in > wikiconfig.py file [1]. > > If I understand correctly, we need to allow read access for every one > and limit login access (to refuse modifications). For example, it could > be implemented by adding a Config.hosts_login_deny attribute in MoinMoin. No one disagrees so I will contact the upstream developers on github to know if they are interested by such feature. If so, I will try to implement it. Regards, Stéphane signature.asc Description: OpenPGP digital signature
Re: Why are we blocking some addresses any access to the wiki?
On 17/04/2020 05:19, Paul Wise wrote: > The software we use doesn't differentiate between types of accesses in > its blocking code. I see an implementation by listing forbidden IPs in Config.hosts_deny in wikiconfig.py file [1]. If I understand correctly, we need to allow read access for every one and limit login access (to refuse modifications). For example, it could be implemented by adding a Config.hosts_login_deny attribute in MoinMoin. Am I right? 1: https://salsa.debian.org/debian/wiki.debian.org/-/blob/master/etc/moin/wikiconfig.py -- Stéphane signature.asc Description: OpenPGP digital signature
Re: Why are we blocking some addresses any access to the wiki?
On Thu, Apr 16, 2020 at 5:58 PM Calum Jackson wrote: > It seems every day a new mail comes in about someone getting a 403 forbidden > when trying to access the wiki through their proxy server or VPN, or even > just their home address. Now, edit-blocks would make sense, but we already > require any prospective wiki editors to email in to make an account. Why is > it that we ban entire IP ranges from even reading the wiki? There is a combination of a few factors: The software we use doesn't differentiate between types of accesses in its blocking code. Last time we removed the block, the server got overloaded. The current admin team hasn't had time to retry that and figure out why it got overloaded. -- bye, pabs https://wiki.debian.org/PaulWise
Why are we blocking some addresses any access to the wiki?
It seems every day a new mail comes in about someone getting a 403 forbidden when trying to access the wiki through their proxy server or VPN, or even just their home address. Now, edit-blocks would make sense, but we already require any prospective wiki editors to email in to make an account. Why is it that we ban entire IP ranges from even reading the wiki?