Page MenuHomePhabricator
Create Task
Maniphest T211464

Please add iCloud.com and other online storage hosts to the wgCopyUploadsDomains whitelist of Wikimedia Commons
Closed, DeclinedPublic
Actions

Description

I would like to request that photos.google.com, one.google.com, google.com/drive, dropbox.com, onedrive.live.com and icloud.com be added to the whitelist for upload_by_url tasks.

I take many pictures of architecture, historic places, monuments, landscape and nature which are automativally uploaded from my smart phone to GooglePhotos, Dropbox and mostly to the iCloud. Obviously it is a pain to upload photos directly from the smartphone, having to enter all descriptions with my thumb on the tiny screen keyboard. Also I don't want to use my limited bandwidth and hard disk capacity to download all photos from the cloud to the desktop computer (which is also broken at the moment) in order to be able to re-upload them all to Commons. I am surprised that there seems to be no easy method of uploading in bulk from the smartphone and later adding filenames and file descriptions from the tablet or desktop computer.

With the upload-by-url function I am hoping to be able to upload directly from cloud storage. Is that correct?

Best regards and thank you. 

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
ResolvedNoneT60224 Add domains to $wgCopyUploadsDomains (tracking)
DeclinedNoneT211464 Please add iCloud.com and other online storage hosts to the wgCopyUploadsDomains whitelist of Wikimedia Commons
· · ·

Event Timeline

KaiKemmann created this task.Dec 8 2018, 12:45 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 8 2018, 12:45 AM
4nn1l2 subscribed.Dec 8 2018, 12:56 AM
Kizule subscribed.Dec 8 2018, 2:54 AM

Hi @KaiKemmann. Do you want to work on this task or I can claim this task?

Liuxinyu970226 subscribed.Dec 8 2018, 6:13 AM

And, how are these storages be free license licensed?

Aklapper added a comment.Dec 8 2018, 7:27 AM

As far as I know, usually websites which host files under free licenses are added to the whitelist. But these domains can host anything, basically.
(Maybe https://commons.wikimedia.org/wiki/Commons:Upload_tools/wgCopyUploadsDomains and/or https://commons.wikimedia.org/wiki/Commons:Upload_tools#Upload_by_URL need a better explanation of scope because I'm not sure that's a 'rule' or not.)

KaiKemmann added a comment.Dec 8 2018, 3:38 PM

I am really not very familiar with the procedures and mostly just looking for a way to efficiently upload from a smart phone.

But I understand the "upload_by_url" function is only available to users with special functions ("Image reviewers, Admins, GWToolset users, Extended uploaders") or to reliable users by application.

So having a whitelist for the sources these supposedly trustworthy users can upload files from might be considered an unnessecary precaution.
But who am I to know about the reasons behind these measurements ...

@Zoranzoki21: I am not sure what "working on a task" involves. I would therefore be happy if you would want to "claim the task" and do with it whatever you deem appropriate.

thanks for your attention,
Kai

Urbanecm changed the task status from Open to Stalled.Dec 8 2018, 4:01 PM
Urbanecm removed KaiKemmann as the assignee of this task.
Urbanecm triaged this task as Low priority.
Urbanecm moved this task from Backlog to Analysis / under discussion on the Wikimedia-Site-requests board.
Urbanecm subscribed.

I unassigned you then. Workng on a task involves completing it. What completing a task is varies per task, in this case, it is needed to upload a patch to operations/mediawiki-config repository and schedule it for deployment.

@Zoranzoki21 I'm marking this as stalled, because I'm not sure if we can proceed. Maybe allowing trusted users to upload from any URL will be better than adding everything somebody wants to the whitelist. I think this deserves some discussion.

Dereckson subscribed.Dec 9 2018, 5:56 PM

From a security point of view, the idea of the whitelist is:

  • to avoid to DDoS external networks from Wikimedia Cluster
  • to avoid the Wikimedia Cluster is DDoSed by external networks

If the domains are as public as usable by any user, that could be a source for a DDoS effort: for example in the past we got the video convert jobs saturated by movies uploads for Wikipedia Zero.

From an usability point of view, those domains are generally protected by login or HTML confirmation from to be able to use them: Google Drive is especially difficult to fetch from (the picture URL won't always work for example).

Framawiki subscribed.Dec 9 2018, 9:44 PM

Related: T210330: Please add https://pbs.twimg.com to the wgCopyUploadsDomains whitelist of Wikimedia Commons

Liuxinyu970226 mentioned this in T178961: Please add *.500px.com to the wgCopyUploadsDomains whitelist of Wikimedia Commons.Jan 30 2019, 2:26 AM
Jdforrester-WMF subscribed.Jan 30 2019, 4:19 PM
In T211464#4808574, @Dereckson wrote:

From a security point of view, the idea of the whitelist is

Is this true? Uploads-via-URL for Commons are already restricted to a pretty small set of users (sysop, extended-uploader, bot, and Image-reviewer). . I'm not sure the defence-in-depth concern is the main reason we have this, but instead as a community policy thing about what sources are valid (which itself seems a bit odd, as the community normally expects trusted users to use their own judgement on such things).

4nn1l2 added a comment.Jan 30 2019, 5:53 PM
In T211464#4918526, @Jdforrester-WMF wrote:

Uploads-via-URL for Commons are already restricted to a pretty small set of users (sysop, extended-uploader, bot, and Image-reviewer).

Now I oppose to the implementation of this request, because upload_by_url right will be granted to all autopatrolled users soon (T214003), so we need to have a cherry-picked whitelist.

Majora subscribed.Feb 5 2019, 4:52 AM
Framawiki closed this task as Declined.Jun 15 2019, 1:40 PM

This task is about adding to the whitelist servers that allows hosting content from everybody. That means whitelisting any content. In that case, the whitelist is no longer useful, by definition IMO.
It would then be a matter of removing the whitelist restriction. But that would be another task and another set of discussions (feel free to create that one).

Closing as declined.

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptJun 15 2019, 1:40 PM
Framawiki mentioned this in T210330: Please add https://pbs.twimg.com to the wgCopyUploadsDomains whitelist of Wikimedia Commons.Jun 15 2019, 1:41 PM
Urbanecm moved this task from Incoming to Uploading (upload_by_url and server side upload) on the Commons board.Jul 19 2020, 6:39 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL