Page MenuHomePhabricator
Create Task
Maniphest T115430

Undeploy the 'Cologne Blue' and 'Modern' skins from Wikimedia production
Open, MediumPublic
Actions

Description

In https://meta.wikimedia.org/wiki/Turning_off_outdated_skins when we killed five of the then-nine skins available on the site, originally these two were retained as unsupported-by-WMF because volunteers said they would keep them running and up-to-date.

However, this hasn't happened in practice. Various key features and extensions don't work, or don't work well, in these skins, including notifications, the visual editor, and others. Occasionally, someone shouts a lot (and rightly so), and WMF staffers and others try to apply a quick fix to keep things sort-of working, but it's against our explicit statement that we wouldn't do this, and it strengthens the incorrect understanding that we do try to keep them running.

Maybe we should admit reality, and remove them from production rather than falsely (albeit implicitly) claiming that they work by continuing to ship them?

Related Objects

Event Timeline

Jdforrester-WMF created this task.Oct 14 2015, 1:14 AM
Jdforrester-WMF raised the priority of this task from to Needs Triage.
Jdforrester-WMF updated the task description. (Show Details)
Jdforrester-WMF added projects: Web-Team-Backlog, Wikimedia-Site-requests, CologneBlue, Modern.
Jdforrester-WMF subscribed.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptOct 14 2015, 1:14 AM
Krenair subscribed.Oct 14 2015, 1:15 AM
revi subscribed.Oct 14 2015, 6:23 AM
Florian subscribed.Oct 14 2015, 1:02 PM
matmarex subscribed.EditedOct 14 2015, 1:09 PM

I am still sort of kind of maintaining them both (you'll notice that I joined both of their projects). No one seems to be filing any bugs though. I tried to help the Echo team a bit with their recent problems (I think I managed to merge a patch), but mostly they solved them swiftly enough without me.

Jdlrobson triaged this task as Medium priority.Oct 14 2015, 4:22 PM
Jdlrobson subscribed.

We are either aspiring to have a skin system that doesn't need maintaining or minimal maintaining (which can be achieved by having lots of skin choices deployed) or to simply support Vector/Minerva (mobile skin).

In practice it seems to be the latter but it would be good to have clarity.

The reading team in practice is only supporting Vector/Minerva for our projects and Monobook in extreme cases (but only when trivial).

Luke081515 subscribed.Oct 14 2015, 8:32 PM
MGChecker subscribed.Oct 15 2015, 5:32 PM
LikeLifer subscribed.Oct 26 2015, 1:03 PM
Liuxinyu970226 set Security to None.Nov 21 2015, 5:38 AM
Liuxinyu970226 subscribed.Dec 12 2015, 1:35 PM
Aklapper added a comment.Dec 12 2015, 8:15 PM
In T115430#1724958, @matmarex wrote:

I am still sort of kind of maintaining them both

Does that make this task a WONTFIX/declined?

In T115430#1725610, @Jdlrobson wrote:

We are either aspiring to have a skin system that doesn't need maintaining or minimal maintaining (which can be achieved by having lots of skin choices deployed)

Is T114071: Let's discuss the skin creation process at Wikimedia-Developer-Summit-2016 related?

or to simply support Vector/Minerva (mobile skin).
In practice it seems to be the latter but it would be good to have clarity.

Where to have this discussion and who to drive it?

Aklapper mentioned this in T98358: WMF to integrate, consolidate, and pause or stop stalled initiatives.Dec 12 2015, 8:16 PM
Nemo_bis subscribed.Dec 13 2015, 8:34 AM

when we killed five of the then-nine extensions available on the site

Do we have an assessment of what we gained with that operation, in hindsight?

Glaisher subscribed.Dec 13 2015, 8:54 AM
Aklapper added a comment.Feb 27 2016, 9:22 PM
In T115430#1724958, @matmarex wrote:

I am still sort of kind of maintaining them both

Does that make this task a WONTFIX/declined?

In T115430#1725610, @Jdlrobson wrote:

We are either aspiring to have a skin system that doesn't need maintaining or minimal maintaining (which can be achieved by having lots of skin choices deployed)

Is T114071: Let's discuss the skin creation process at Wikimedia-Developer-Summit-2016 related?

or to simply support Vector/Minerva (mobile skin).
In practice it seems to be the latter but it would be good to have clarity.

Where to have this discussion and who to drive it?

Restricted Application added a subscriber: JEumerus. · View Herald TranscriptFeb 27 2016, 9:22 PM
Bawolff subscribed.Feb 27 2016, 9:24 PM

Shouldn't new features work with every skin (In theory?), skins shouldn't have to be modified to work with new features (In principle).

SamanthaNguyen subscribed.Feb 27 2016, 9:24 PM
Krinkle updated the task description. (Show Details)Feb 27 2016, 11:46 PM
Nemo_bis closed this task as Declined.Feb 28 2016, 8:07 AM

Shouldn't new features work with every skin (In theory?), skins shouldn't have to be modified to work with new features

Indeed. Also, we ought to have some data on the past iteration of this skin-killing experiment, before we do a new one:

In T115430#1876144, @Nemo_bis wrote:

when we killed five of the then-nine extensions available on the site

Do we have an assessment of what we gained with that operation, in hindsight?

Closing for now, we can reopen when/if we actually have a rationale.

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptFeb 28 2016, 8:07 AM
Glaisher renamed this task from De-deploy the 'Cologne Blue' and 'Modern' skins from Wikimedia production, as no-one is keeping them working to Undeploy the 'Cologne Blue' and 'Modern' skins from Wikimedia production, as no-one is keeping them working.Mar 1 2016, 3:44 PM
Amorymeltzer subscribed.Nov 8 2018, 2:11 AM
phuedx subscribed.Aug 30 2019, 5:30 PM
In T115430#1724958, @matmarex wrote:

I am still sort of kind of maintaining them both (you'll notice that I joined both of their projects). No one seems to be filing any bugs though. I tried to help the Echo team a bit with their recent problems (I think I managed to merge a patch), but mostly they solved them swiftly enough without me.

@matmarex: Would you mind if I updated https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_skins_deployed_on_the_Wikimedia_Cluster to reflect that?

matmarex added a comment.Aug 30 2019, 5:56 PM

Go ahead, I'm still volunteering to maintain them.

Jdforrester-WMF added a comment.Aug 30 2019, 6:19 PM
In T115430#2069739, @Bawolff wrote:

Shouldn't new features work with every skin (In theory?), skins shouldn't have to be modified to work with new features (In principle).

That's not the development policy, no. MediaWiki's disaster-zone of skin support means it's unachievable, sadly. Scrapping the skins system and replacing it with a much-less-powerful theming concept could allow it, but no-one seems to have the appetite for that.

Bugreporter mentioned this in T367661: Undeploy Modern and Cologne Blue skins from Wikimedia.Jun 17 2024, 7:16 AM
Bugreporter closed this task as a duplicate of T301274: Consider removing Modern or CologneBlue for performance reasons.Jun 17 2024, 7:45 AM
Jdforrester-WMF reopened this task as Open.Jun 17 2024, 1:29 PM

This very clearly is not a duplicate.

matmarex closed this task as Declined.Jun 17 2024, 1:39 PM

This task was previously declined.

Ladsgroup reopened this task as Open.EditedWed, Nov 20, 10:47 AM
Ladsgroup subscribed.

I would like to revisit this. I understand it has at least have a maintainer on record but the cost of more software in production goes beyond lack of maintainer.

Ladsgroup renamed this task from Undeploy the 'Cologne Blue' and 'Modern' skins from Wikimedia production, as no-one is keeping them working to Undeploy the 'Cologne Blue' and 'Modern' skins from Wikimedia production.Wed, Nov 20, 10:47 AM
Bawolff added a comment.Wed, Nov 20, 11:13 AM

Given its not even possible to set your skin to cologneblue or modern in Special:Preferences without using a secret url parameter, I don't see much point in keeping these skins deployed.

Aklapper mentioned this in T301274: Consider removing Modern or CologneBlue for performance reasons.Wed, Nov 20, 2:53 PM
Aklapper awarded a token.
Pppery awarded a token.Wed, Nov 20, 4:27 PM
Pppery added a project: User-notice.Wed, Nov 20, 5:17 PM
Pppery moved this task from To Triage to Not ready to announce on the User-notice board.
matmarex added a comment.Wed, Nov 20, 7:25 PM

11 patches during the past year indicates to me that CologneBlue is extremely stable. This is a very small number. I am struggling to find a single extension deployed on Wikimedia sites that has had fewer than that. (I found one tie: by my count the SiteMatrix extension, which implements a single special page and a single API module that haven't really changed in the past 15 years, also has had 11 non-bot patches last year. Other extensions that I thought would be trivial and requiring almost no maintenance have had more, e.g. Babel, InputBox, WikiHiero.)

I was involved in more than half of these 11 patches (either as author or reviewer) and I enjoyed working on them.

CologneBlue has just 16 localisation messages, and it is not prioritized for translation. It's not a part of the "MediaWiki (most important messages)" message group. You have to go out of your way and browse to MediaWiki → MediaWiki skins → Cologne Blue to translate it, and there are 44 other skins alongside it. I would expect that anyone who has translated it recently also did that only because they enjoyed doing it.

The last security vulnerability in CologneBlue was found in 2020 (T267278) and it was only exploitable by a rogue administrator; we haven't really considered that a security issue until a few years ago. In the same timeframe, legacy Vector has had at least 3 security problems of comparable severity. There may have been more, but it's hard to search for them, since "vector" is a common word in the context of web security (as in "attack vector"), and hard to distinguish them from modern Vector, which has had its share.

In short, I am not convinced.

A_smart_kitten subscribed.Wed, Nov 20, 11:41 PM
Ladsgroup added a comment.Thu, Nov 21, 9:53 AM
In T115430#10341646, @matmarex wrote:

11 patches during the past year indicates to me that CologneBlue is extremely stable. This is a very small number. I am struggling to find a single extension deployed on Wikimedia sites that has had fewer than that. (I found one tie: by my count the SiteMatrix extension, which implements a single special page and a single API module that haven't really changed in the past 15 years, also has had 11 non-bot patches last year. Other extensions that I thought would be trivial and requiring almost no maintenance have had more, e.g. Babel, InputBox, WikiHiero.)

Skins still rely on mediawiki core and mediawiki core changes. Needing to update all extensions deployed in production slows down changes in core, slowing down new features or refactors for everyone.

I was involved in more than half of these 11 patches (either as author or reviewer) and I enjoyed working on them.

you did but one volunteer fixing one of the issues there explicitly asked me "why don't we undeploy this?" Because they were fixing issues among all deployed code and this was among them.

CologneBlue has just 16 localisation messages, and it is not prioritized for translation. It's not a part of the "MediaWiki (most important messages)" message group. You have to go out of your way and browse to MediaWiki → MediaWiki skins → Cologne Blue to translate it, and there are 44 other skins alongside it. I would expect that anyone who has translated it recently also did that only because they enjoyed doing it.

It is in MediaWiki group still and people translate that group as a whole. Not necessarily because they enjoy it and even if they do, that's not a reason to keep software in production.

The last security vulnerability in CologneBlue was found in 2020 (T267278) and it was only exploitable by a rogue administrator; we haven't really considered that a security issue until a few years ago. In the same timeframe, legacy Vector has had at least 3 security problems of comparable severity. There may have been more, but it's hard to search for them, since "vector" is a common word in the context of web security (as in "attack vector"), and hard to distinguish them from modern Vector, which has had its share.

That's still one too many. Even if vector would have let's say 9 security issues, 9 security issues is better than 10. Since any security issue in any skin can be weaponized to attack anyone.

Also there is a cost-benefit there. Vector is used by hundreds of millions of users every month, CologneBlue is used by around 100 users in enwiki, if you even go with an extremely high number of total 1000 users, that's still a significant cost for a extremely small benefit. (0.25 security issue/year to serve 1000 users = 0.00025 security issue per year per user vs. 0.75/100,000,000 (at least))

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits