On 22 July 2016 at 10:29, Ori Livneh wrote:
> Starting with version 1.28, MediaWiki will provide operators with the
> option of sharing anonymous data about the local MediaWiki instance and its
> environment with MediaWiki's developer community via a pingback to a URL
> endpoint on MediaWiki.org.
>
> The configuration variable that controls this behavior ($wgPingback) will
> default to false (that is: don't share data). The web installer will
> display a checkbox for toggling this feature on and off, and it will be
> checked by default (that is: *do* share data). This ensures (I hope) that
> no one feels surprised or violated.
If it's disabled by default, isn't our standard practice not to
pre-tick the option?
> The information that gets sent is described in <
> https://meta.wikimedia.org/wiki/Schema:MediaWikiPingback>. Here is a
> summary of what we send:
>
> - A randomly-generated unique ID for the wiki.
How is it randomly-generated? Is a true-random or a hash based on
provided info? Is there anything to prevent duplication?
> …
> - The chosen database backend (e.g., "mysql", "sqlite")
> - The version of MediaWiki in use
> - The version of PHP
> - The name of the web server software in use (e.g. "Apache/1.3.14")
>
> Neither the wiki name nor its location is shared.
If a organisation creates custom packages (with custom naming), this
could conceivably reveal information if they accidentally trigger this
option
> The plan is to make this data freely available to all MediaWiki developers.
> Before that can happen, I will need to solicit reviews from security folks
> and from the WMF's legal team, but I don't expect any major issues.
Has a draft of the Data Retention Guidelines and Data Access
Guidelines that you are planning to send to Legal been created/shared
yet?
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
