Page MenuHomePhabricator

Requesting a bot account for @MarcoAurelio
Closed, ResolvedPublic

Description

I'm working on Tracking-Neverending task transition as part of my membership in acl*Project-Admins. This involves sometimes making several hundred of changes as it happened in the last migration I performed (c.f. T151754 and T42760) where it involved unlinking 125 subtasks and modifying about the same number in bulk. This caused IRC flood and for sure a lot of emails sent for this. I don't feel that's user friendly for those subscribed or watching IRC feeds.

My request is that I be granted an account with bot and bulk-edit permissions so I can do this quietly when the need arises. I have a Wikimedia account, MABot, which I can register here via OAuth if desired.

The process I intend to follow is this: after consensus or no opposition is reached in a task, I (@MarcoAurelio) will create the project/tag as required/requested. Then I'll log-in to the "bot" account and will perform the batch editting via the bot account to avoid IRC and email flooding. The account will not be operating any script but it'll be me performing bulk edits for this scope.

I commit myself to keep the batch editting to tracking task transition only if approved, and that I'll seek approval to perform other kind of bulk-edits.

If you have any questions or concerns, please ask.

Thank you for your consideration.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 14 2016, 12:26 PM
Krenair rescinded a token.
Krenair awarded a token.

(please excuse my phone, I think this is fine)

In order not to break anything, please let me know if the account should either be created by the admins, or via LDAP myself or via OAuth myself.

You can check my gerrit patches for it if you wish. I wonder how an email address is
relevant for this though, unless the account has to be created by someone
else, in which case the posibility to provide it privately should be
offered, as email addresses are private information covered by several
statutes and our privacy policy. Thank you.

I objected last time this style of conversation came up, and I will again, We shouldn't be making silent changes in the tracking system, it does make things harder to notice when they happen (I like seeing all the changes personally).

What happens if the bot account gets comprised and no one notices for a few days?

(I'm somewhat fine with IRC being hidden)

What I'd like to avoid is people complaining that their email inboxes are full of emails saying that a tracking bug has been replaced by a tag, and then that I unlinked a lot of subtasks, with IRC bots getting flooded-out or KLINED for possible spam. We can be talking about hundreds of emails and notifications and that will surely make people upset in some tracking tasks.

Furthermore, I only plan to use the yet-to-be-created-bot-account to do the batch edits inherent to the conversion process as I've said above. Anything else, like the tracking bug closure and other messages will be left using my normal account, so that should help aleviate the concerns of lack of transparency as my normal account (@MarcoAurelio) does not have any special privileges to avoid triggering emails and notifications.

With regards to account compromisation, I don't know what to answer. We all try to mantain a certain degree of security, specially those who have been entrusted with high levels of accesses; but I'd dare to say that the risk of account compromisation will be still there as long as Internet exist, and yes, that's concerning but I'm afraid I have not the solution for that. We are all exposed to that risk. Yet, I've not seen any request being denied because their account could be compromised, because the ultimate solution for avoid account compromisation is... well... not having any account at all. If it helps I can request that my account be deactivated when not being used or their bot flag removed when not being used, or their batch-edit permissions too, but I feel that'd not please the reduced team of Phabricator administrators.

In any case, I'll stick to the decision that the Phabricator administrators eventually make.

We shouldn't be making silent changes in the tracking system

Noone talked about making silent changes in the tracking system and that topic is unrelated to this task.

We shouldn't be making silent changes in the tracking system

Noone talked about making silent changes in the tracking system and that topic is unrelated to this task.

That should read, silent changes in the task system (aka phab). Me, as well as many other people have our email preferences configured and customized in certain ways to archive certain goals

Aklapper added a comment.EditedDec 21 2016, 5:07 AM

Noone talked about making silent changes in the task system aka Phab as bot accounts don't make silent changes. So the topic is still unrelated to this task. :)

If this was about having a (co-)use of @Phabricator_maintenance in mind, that's currently blocked by T142904

Noone talked about making silent changes in the task system aka Phab as bot accounts don't make silent changes. So the topic is still unrelated to this task. :)

If I don't get a email on a task i'm currently subscribed to, in line with my pre-selected preferences relating to email notifications, Then yes it is silent to me.

Using a bot account will not "avoid IRC and email flooding".

Aklapper mentioned this in Unknown Object (User).Dec 21 2016, 10:08 AM
Aklapper added a subscriber: Unknown Object (User).

Created @MarcoAurelio-Bot.

@MarcoAurelio: Please go to P4660 and follow https://www.mediawiki.org/wiki/Phabricator/Bots#Bot_account_holders:_Steps_to_perform . If all works as expected, please close this task as resolved.

@Aklapper Please see the paste. I have some questions. Thanks.

MarcoAurelio added a subscriber: mmodell.EditedDec 21 2016, 3:49 PM

I said above:

The process I intend to follow is this: after consensus or no opposition is reached in a task, I (@MarcoAurelio) will create the project/tag as required/requested. Then I'll log-in to the "bot" account and will perform the batch editting via the bot account to avoid IRC and email flooding. The account will not be operating any script but it'll be me performing bulk edits for this scope.

That is not possible since Phabricator user guide upstream say that bot accounts cannot login to UI. Unless somebody else like @mmodell thinks otherwise, then I think I'll have to stick with my normal username to do such tasks. However @StrikerBot does have LDAP credential and thus would be in theory able to log in to the UI. Thanks.

Aklapper removed Aklapper as the assignee of this task.Dec 21 2016, 6:34 PM

Hm. If you need an account with login, then we need to delete that @MarcoAurelio-Bot account, and create a normal one. Or, what I prefer: Just use your own account. There are no such things like botflags at phab, so using phab-account or bot account does not matter. What we did is, we created @Phabricator_maintenance, we tried to reduce noice there. So currently, only one thing is different: We told wikibugs to not list actions of @Phabricator_maintenance, so just creating a bot account at phabricator will not help. Btw: @StrikerBot looks like a bot, but from the view of Phabricator, this is a normal user.

To quote @mmodell:

[19:24] We have a mechanism for doing mass edits without generating noise but we haven't come up with proper policies about using it appropriately so it is currently not being used afaik

To quote MediaWiki Phabricator/Bots:

A personal user account is not appropriate for repetitive patterns of activity.

So I find myself in a bit of a problem. Because indeed tracking bugs migration originates a lot of repetitive patterns of activity, but Phabricator bots ain't allowed to log-in via UI. And even so, while there's a system to avoid noise, it is not used to avoid abuse of it (understandably).

@MarcoAurelio-Bot as it exist now is useless for me, so I request to @mmodell to delete it as it's not linked to LDAP/OAuth.

What I'd like to avoid is people complaining that their email inboxes are full of emails saying that a tracking bug has been replaced by a tag, and then that I unlinked a lot of subtasks, with IRC bots getting flooded-out or KLINED for possible spam. We can be talking about hundreds of emails and notifications and that will surely make people upset in some tracking tasks.

Maybe I'm misunderstanding, but I don't think a bot account on Phabricator would fix this.

Maybe I'm misunderstanding, but I don't think a bot account on Phabricator would fix this.

Apparently I also did. Bots are to operate through the API and cannot log-in but on Arcanist if I understand correctly. Since I requested a separate non-noise account to use with the web UI, this does not resolve my problem :(

MarcoAurelio closed this task as Resolved.Jan 5 2017, 8:39 AM
MarcoAurelio assigned this task to Aklapper.

Closed as resolved since the task about bot creation is done. I'll file a different task to get it deleted.