
Clean up mediawiki/extensions/Wikibase ACL
Closed, Resolved, Public

Description

https://gerrit.wikimedia.org/r/#/admin/projects/mediawiki/extensions/Wikibase,access

There's some really weird stuff here, for example no one should have permissions to force push things.

Additionally, V+2 is only allowed to bots (good), and members of the wikidata group (not great). In this case, a member of the wikidata group force merged, broke CI for other extensions, and when I went in to force merge something to half-fix things, I wasn't able to. This is problematic - either all humans with +2 can also V+2 or *no* humans can V+2 (normal practice when taking away V+2 from humans in some repos).

Event Timeline

The wikidata permissions are mostly redundant, considering they're all in the extension-Wikibase group.

Wow, what a mess. At this point I see no reason to allow force-pushing, V+2 etc. But will verify whether this is required, and for what reason with my more experienced colleagues.

From looking at the provided page I'm not able to understand the "mess".

I would like to argue for giving all people that already have +2 rights also the right to force-merge. This can be a helpful tool in super-rare situations. I don't recall situations where it was misused (actually I do, but this was 2 years ago, and the person is not around any more).

Taking the possibility to force-merge away from the team does have its benefit. Most notably: everybody must fix CI first before being able to continue working on their own stuff, which I consider a good thing. However, this only makes sense if nobody in any other extension Wikibase runs its tests against can ever force-merge anything. Is this given? Otherwise "they" could still block "us", but we can't unblock, leading to the same situation that inspired this ticket, just the other way around.

From looking at the provided page I'm not able to understand the "mess".

Compare the Wikibase ACL with a normal MediaWiki extension, e.g. https://gerrit.wikimedia.org/r/#/admin/projects/mediawiki/extensions/MassMessage,access - it really should look like the latter.

However, this only makes sense if nobody in any other extension Wikibase runs its tests against can ever force-merge anything. Is this given?

Nope. Force merges are allowed in mediawiki/core, vendor, most extensions, etc. (And to be clear, I don't have an opinion either way here, I just want it to be one way or the other, not half in the middle)

I poked at this stuff way back in 2013(?) and remember we had some problems with the default config. I believe one of the issues we had is that we could not manage the permissions ourselves. That is many years ago though, with presumably the default config having changed and the Wikibase workflow also no longer being the same (people now know how to use git, unlike at the start of the project).

I don't remember much more though and have no idea what the force pushing is for.

Edit: actually I have a suspicion why this was added. If these rights were shared with libraries such as Diff, which were at first on Gerrit and then moved to GitHub, the force push was probably added for these. Back in the day Translatewiki did not support GitHub, so we kept a copy of these repos on Gerrit, which we then synced every now and then so it had the latest code from GH.

I remember when I first joined the Wikidata team I accidentally just pushed to gerrit, and it let me 📦...

IMO I see no reason that we can't switch to the default settings.

Legoktm claimed this task.

OK, I've reset it to the standard ACL. Please let me know / re-open if you run into any issues.
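
Added example, not part of the task or of Wikimedia's tooling: a small audit of a Gerrit `project.config` for the grants discussed above (force push, Verified +2 held by non-bot groups, and the mixed state where some +2 holders cannot V+2). The sample config, the `example-*` group names and the bot allowlist are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (project.config syntax), NOT the real Wikibase ACL;
# groups named "example-*" are hypothetical.
SAMPLE = '''
[access "refs/heads/*"]
    push = +force group wikidata
    label-Code-Review = -2..+2 group extension-Wikibase
    label-Verified = -2..+2 group wikidata
    label-Verified = -2..+2 group example-ci-bots
    label-Verified = -1..+1 group extension-Wikibase
[access "refs/tags/*"]
    push = block group example-contractors
    push = +force group example-release-managers
'''

SECTION = re.compile(r'^\[access\s+"([^"]+)"\]$')
GRANT = re.compile(r'^([\w-]+)\s*=\s*(?:(deny|block)\s+)?(\+force\s+)?'
                   r'(?:[+-]?\d+\.\.([+-]?\d+)\s+)?group\s+(.+)$')

def audit(text, bot_groups=frozenset({"example-ci-bots"})):
    """Return sorted (ref, finding, group) tuples for grants worth reviewing."""
    findings, ref = set(), None
    cr2, v2 = defaultdict(set), defaultdict(set)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            ref = m[1] if m else None  # skip sections other than [access]
            continue
        g = GRANT.match(line)
        if ref is None or not g or g[2]:  # deny/block rules only restrict
            continue
        perm, force, hi, group = g[1], g[3], g[4], g[5]
        if perm == "push" and force:
            findings.add((ref, "force-push", group))
        if hi is not None and int(hi) >= 2 and group not in bot_groups:
            if perm == "label-Verified":
                v2[ref].add(group)
                findings.add((ref, "human-verified+2", group))
            elif perm == "label-Code-Review":
                cr2[ref].add(group)
    # "Half in the middle": some humans can V+2 while others with +2 cannot.
    for r, humans in v2.items():
        for group in cr2[r] - humans:
            findings.add((r, "code-review+2-without-verified+2", group))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The audit reads a single file only; permissions inherited from parent projects are not resolved.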