Hi Mark,
Comments inline
On Fri, Aug 31, 2012 at 7:01 PM, Mark A. Hershberger m...@everybody.org wrote:
On 08/31/2012 05:02 PM, Rob Lanphier wrote:
Sam would be the one to publish the tarball, but anyone can generate
an unofficial alpha tarball, and I'd encourage that.
We can already use
On Mon, 03 Sep 2012 19:57:20 -0700, Sergey Chernyshev
sergey.chernys...@gmail.com wrote:
Hi everybody,
A few years back I saw a need in easy widget creation and too many
extensions that just did that, but were not so well maintained and had a
bunch of XSS holes in them and so on,
On Tue, 04 Sep 2012 02:25:56 -0700, Clément Dietschy clem...@seizam.com
wrote:
On Mon, 03 Sep 2012 19:57:20 -0700, Sergey Chernyshev
sergey.chernys...@gmail.com wrote:
Hi everybody,
A few years back I saw a need in easy widget creation and too many
extensions that just did that, but
Maybe the widgets on the website should have security verification
badges? On the pages of secured widgets the badge would say that it's
safe to use them. As far as I know the Widgets extension designed
specially to create safe alternative to 'plain-old insertion of raw
html and javascript to
On Tue, Sep 4, 2012 at 8:02 AM, David Gerard dger...@gmail.com wrote:
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting that the
workaround is insecure and saying just don't do that doesn't solve
the original need and won't
On 4 September 2012 13:06, Chad innocentkil...@gmail.com wrote:
On Tue, Sep 4, 2012 at 8:02 AM, David Gerard dger...@gmail.com wrote:
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting that the
workaround is insecure and
Hey,
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting that the
workaround is insecure and saying just don't do that doesn't solve
the original need and won't help security. It's not clear to me what
will, but the
I use and like this extension. I know many others do as well. This debate over
its value to some and security is interesting (well - not really) but aside
from the point of this thread.
Should the widgets be housed on MW.org rather than an outside site? Given their
wide usage and the
For those who were not able to participate:
Video:
https://commons.wikimedia.org/wiki/File:Wikimedia_Localisation_team_Sprint_23_demo.ogv
Slides:
https://commons.wikimedia.org/wiki/File:Wikimedia_Localisation_team_Sprint_23_demo.pdf
Next chance in two weeks :).
Cheers!
On Mon, Sep 3, 2012 at
Hi,
The report covering Wikimedia engineering activities in August 2012 is
now available.
Wiki version:
https://www.mediawiki.org/wiki/Wikimedia_engineering_report/2012/August
Blog version:
https://blog.wikimedia.org/2012/09/04/engineering-august-2012-report/
--
Guillaume Paumier
Technical
On Tue, Sep 4, 2012 at 9:26 AM, Mr. Gregory Varnum
gregory.var...@gmail.com wrote:
I use and like this extension. I know many others do as well. This debate
over its value to some and security is interesting (well - not really) but
aside from the point of this thread.
Should the widgets be
On Tue, Sep 4, 2012 at 1:39 PM, John Du Hart compwhi...@gmail.com wrote:
Does MediaWikiWiki really need any more shitty/insecure addons that no
one is going to maintain? I think we have enough already.
Does MediaWiki's development community really need any more people
discouraging volunteers by
Just to give a final feedback to this talk, that has been very useful for
my tries: woks are going on fastly, and are presently focused on alignement
of some structures templates whose data are shared between Commons and
Wikisource: Creator vs. Author; Book
vs
Hello,
[Bug 36597] is about switching PDF thumbnails from jpeg to PNG. The
change to PdfHandler extension is really straightforward:
https://gerrit.wikimedia.org/r/#/c/6802/
It feels like PNG is more suitable, but would like some other people
input before merging this change in.
[Bug 36597]
On Tue, 04 Sep 2012 05:11:33 -0700, Jeroen De Dauw
jeroended...@gmail.com wrote:
Hey,
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting that the
workaround is insecure and saying just don't do that doesn't solve
the
There's a hackathon in Helsinki this month -- if you go and do
interesting Wikimedia-related things, please report back!
best,
Sumana Harihareswara
Engineering Community Manager
Wikimedia Foundation
Original Message
Subject: [Wikimedia-l] Open Knowledge Festival - September
On Tue, Sep 4, 2012 at 2:06 PM, [[w:en:User:Madman]]
madman.enw...@gmail.com wrote:
On Tue, Sep 4, 2012 at 1:39 PM, John Du Hart compwhi...@gmail.com wrote:
Does MediaWikiWiki really need any more shitty/insecure addons that no
one is going to maintain? I think we have enough already.
Does
Hey,
This is clearly not the case. Because there are XSS vectors all over these
widgets.
Developers who understand security do not monitor code strewn about in
piles of wiki pages.
They in no way have the same level of gatekeeping as extensions.
So instead of writing a widget publicly
Hey if you want to make mediawiki.org a dumping ground for anything
mediawiki related, have fun with that.
Well, the parent thread had a point. Let's discuss what's possible
rather than just downing the current work. How can we make widgets a
viable extension? Is it possible? If not, can we
I think that's a valuable and valid discussion.
I would also argue that adding the widgets as subpages to the widget extension
isn't cluttering up the wiki much - it at all. I fail to see how that would
have such a drastic impact on our use of the wiki.
-Greg
Sent from my iPhone.
Hi,
Earlier today, I was trying to send a link to
https://commons.wikimedia.org/wiki/File:LOC_Main_Reading_Room_Highsmith.jpg
. I clicked on use this file, but instead of the file link there was
some javascript function. I tried to log a bug, but this seems to
reproduce only sometimes and I can't
On Tue, 04 Sep 2012 14:14:34 -0700, Jeroen De Dauw
jeroended...@gmail.com wrote:
Hey,
This is clearly not the case. Because there are XSS vectors all over
these
widgets.
Developers who understand security do not monitor code strewn about in
piles of wiki pages.
They in no way have the
On 03/09/12 02:59, Tim Starling wrote:
I'll go for option 4. You can't delete the images from the backend
while they are still in Squid, because then they would not be purged
when the image is updated or action=purge is requested. In fact, that
is one of only two reasons for the existence of
Antoine Musso wrote:
Le 29/08/12 23:55, Sumana Harihareswara wrote:
1) Write small commits.
I cant stress how important this is. git has several ways to split a commit:
- git rebase --interactive parent commit sha1
- reset to master and git cherry-pick --no-commit sha1 then use git
add
On 09/04/2012 07:38 PM, MZMcBride wrote:
Antoine Musso wrote:
Le 29/08/12 23:55, Sumana Harihareswara wrote:
1) Write small commits.
I cant stress how important this is. git has several ways to split a commit:
- git rebase --interactive parent commit sha1
- reset to master and git
On 09/04/2012 03:45 AM, Rob Lanphier wrote:
On Fri, Aug 31, 2012 at 7:01 PM, Mark A. Hershberger m...@everybody.org
wrote:
On 08/31/2012 05:02 PM, Rob Lanphier wrote:
Sam would be the one to publish the tarball, but anyone can generate
an unofficial alpha tarball, and I'd encourage that.
On 09/04/2012 05:31 PM, Mark A. Hershberger wrote:
On 09/04/2012 07:38 PM, MZMcBride wrote:
I think some kind of reconciliation is needed here in the advice to
committers, new and old. I guess whether to split commits up or not depends
on context?
Or maybe these simply the differences in
On Tue, Sep 4, 2012 at 5:31 PM, Mark A. Hershberger m...@everybody.org wrote:
Or maybe these simply the differences in the sorts of reviews that
people like to do? Or maybe its a bit of both?
I think you're right that stylistic differences are at play.
One possible bit of guidance we can give
On 09/03/2012 03:59 PM, Oren Bochman wrote:
e.g. The amount of Template Code in about 20 times the size of
MediaWiki code base.
[Citation Needed]
This number fascinates me. It isn't that I doubt it, but could you cite
a source?
Perhaps it is because so much of my time has been spent as a
Folks,
If current implementation can be made more secure, I'm well for it -
ideally more secure then the alternative native PHP extensions
infrastructure MW has right now.
Unfortunately, this was born because writing extensions for widgets is
hard, writing them in secure way is even harder,
On 9/4/12 5:57 PM, Sumana Harihareswara wrote:
I would love more clarifications from developers to help people decide
when to lump commits together into a changeset and when to split things up.
If your commits are going to be touching the same files repeatedly,
bundle them up into one large
31 matches
Mail list logo
