I'm definitely supportive of greater security for sitewide JS/CSS, but
Bart's proposal is an interesting one. (Sorry for top posting, on mobile)

What if we required review of edits to JS/CSS in the MediaWiki namespace
(not in other namespaces), à la pending changes or something similar? We
require code review in Gerrit, so why not sitewide code in the wiki?

I propose this because if we split code editing rights into a separate
userright, this entails increased process bloat for managing who does and who
doesn't get the right, the criteria for deciding that, and so on. Requiring
code review would allow for more flexibility while increasing security. It
would require less process bloat too because the community already has
mechanisms for requesting edits be confirmed via talk pages and such.

On Mon, Jun 11, 2018 at 8:15 AM Bart Humphries <bart.humphr...@gmail.com>
wrote:

> " I remember a situation when I posted a fix for a script in the
> MediaWiki namespace
> as an {{edit request}}, and a well-meaning administrator tried to "improve"
> my line of code and forgot a comma, breaking all JavaScript for all
> logged-in as well as not logged-in Wikipedia editors and readers for some
> painful minutes"
>
> Everyone makes mistakes.  I presume that under this revised proposal, that
> administrator would still have had JS edit permission, and might have still
> made the mistake.  I mean, they apparently knew JS well enough to have been
> able to pass whatever test would have been required to get that permission
> added to their account.
>
> Perhaps we need a real test environment of some sort, so that changes like
> that must be run on the test server for X [time period] before being pushed
> to live?  Changes can't happen on live until there's some sort of consensus
> that the test code actually works as run -- any additional changes reset
> the test time period counter before it can be pushed to live.
>
> Bart Humphries
> bart.humphr...@gmail.com
> (909)529-BART(2278)
>
> On Mon, Jun 11, 2018 at 7:40 AM, Thiemo Kreuz <thiemo.kr...@wikimedia.de>
> wrote:
>
> > > Is there any historical evidence that sysops being able to edit JS / CSS
> > > caused some serious issues?
> >
> > Oh yes, this happens more often than I feel it needs to. I remember a
> > situation when I posted a fix for a script in the MediaWiki:…
> > namespace as an {{edit request}}, and a well-meaning administrator
> > tried to "improve" my line of code and forgot a comma, breaking all
> > JavaScript for all logged-in as well as not logged-in Wikipedia
> > editors and readers for some painful minutes.
> >
> > I believe such can be avoided with more clear roles that are visible
> > for everybody. A separate "tech admin" role would also allow
> > volunteers to apply for exactly that, and not be asked why they don't
> > do enough "administrator actions" with their privileges.
> >
> > Sure, this is anecdotal evidence. Please forgive me, but I currently
> > don't have the time to find the pages documenting these situations.
> >
> > Best
> > Thiemo
> >
> > _______________________________________________
> > Wikitech-l mailing list
> > Wikitech-l@lists.wikimedia.org
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
> >