During the investigation of the instigating security incident we identified architectural issues with the systems and processes that make up the nightly localization updates. This update process is currently disabled and will remain disabled until there is a clear plan and resourcing for improving the architecture. That is the purpose of this task.
A couple of the issues brought up during our discussions:
- the nightly job that sends updated translations to gerrit is not automated due to a few reasons
- a potential partial solution to this is adding Keyholder support to the set of scripts that manage it
- the wheel-waring that happens between scap and l10nupdate throughout the week.
- do we backport updated translations to the current wmf.XX branch? Do we do something different?
There's also the meta question of: Is the current model (push from twn to gerrit, scap/l10nupdate update production) the right one or should it be different (eg: have a pull from twn for Wikimedia extensions)?