The number of newsletters a user may create should be capped. If a user is already a publisher of N active newsletters, the user should not be permitted to create additional ones.
I am not sure what would be a good value for N. 25? 100? 1000?
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Duplicate | Qgil | T125545 Phabricator Q&A session for Community Liaisons | |||
| Resolved | Qgil | T116025 Goal: Align Community Liaison and Developer Relations project management practices | |||
| Resolved | Qgil | T119387 Community Liaison and Developer Relation quarterly goals for January - March 2016 | |||
| Declined | None | T104131 Exporting existing newsletter to the Newsletter extension | |||
| Resolved | Addshore | T110170 Goal: Deploy Newsletter extension in Wikimedia | |||
| Duplicate | None | T115098 Deploy Newsletter extension in beta cluster | |||
| Resolved | ori | T127297 Add the Newsletter extension to the Beta Cluster | |||
| Resolved | Bawolff | T115095 Security review of Newsletter extension | |||
| Declined | None | T131616 Cap the number of active newsletters per user |
Event Timeline
Comment Actions
The only interesting question about this is: what about users who are added as publishers to other newsletters by other people? Do we block a user from being added as a publisher when they reach the limit, or do we only block the creation of new newsletters?
Comment Actions
Weird, I don't remember claiming this in Phabricator. Although I can work on it if @01tonythomas wants.
Comment Actions
I think we should only block the number of newsletter creation per user. Adding as publisher by other user got a different origin.
Comment Actions
You could simplify things substantially by allowing only one publisher for each newsletter, and making newsletter ownership transferable. This would allow you to get rid of the nl_publishers table entirely (you'd replace it with an additional column in nl_newsletters).
In my opinion, this would be an improvement. People would still be able to share editorial responsibility for a newsletter. Being the owner simply means you have to be the one clicking the button to announce a new issue, but so what?
Comment Actions
To reduce the attack surface. If it's not limited you could just create a million of them and ruin the feature for everybody by making Special:Newsletters time out.
Comment Actions
Well, Special:Newsletters should be paginated, so a time-out because of a large number of newsletters would not be an issue.
Now that I'm thinking about it, since creating newsletters is already rate-limited, and ideally the permission should be given out with discretion anyway, is there really a point to a hard limit like this?
Comment Actions
Hm -- right. I forgot about the rate-limiting. In that case, yes, this is probably not necessary.
Comment Actions
Just fyi / fwiw, we discussed this in the early stages of this project and we agreed that this limit would be too prone to have single publishers vanishing or just taking de facto wiki-vacation, leaving other contributors with a problem that only could be solved by bothering admins. The current setup works better in terms of workflow, imho.