
Nuke Extension: Code Stewardship Review
Open, Medium, Public

Description

Intro

The Nuke extension is an anti-abuse tool that is used in the recovery efforts post abuse incident. It currently lacks Code Stewardship and recently surfaced as part of Task T212690.

Number, severity, and age of known and confirmed security issues

none

Was it a cause of production outages or incidents? List them.

no

Does it have sufficient hardware resources for now and the near future (to take into account expected usage growth)?

n/a

Is it a frequent cause of monitoring alerts that need action, and are they addressed timely and appropriately?

Yes, as of late. It's recently been at the root of DBQueryTimeoutError on Wikidata.

When it was first deployed to Wikimedia production

unknown

Usage statistics based on audience(s) served

only used by sysops as part of abuse cleanup

Changes committed in last 1, 3, 6, and 12 months

Reliance on outdated platforms (e.g. operating systems)

n/a

Number of developers who committed code in the last 1, 3, 6, and 12 months

1:0, 3:0, 6:2, 12:2

Number and age of open patches

0

Number and age of open bugs

24

Number of known dependencies?

0

Is there a replacement/alternative for the feature? Is there a plan for a replacement?

Nuke's capabilities could be transferred into other abuse tools, but it is currently the only source for its capabilities.

Submitter's recommendation (what do you propose be done?)

Per a discussion with @Krinkle, it is recommended that this extension remain deployed and that a Code Steward be found.

Event Timeline

Restricted Application added a subscriber: Aklapper. (Apr 16 2019, 11:26 PM)
Krinkle updated the task description. (Apr 17 2019, 1:40 AM)
Krinkle updated the task description.

(changed ref to be bare to enable hovercards)

greg triaged this task as Medium priority. (Jul 16 2019, 9:30 PM)
Tgr added a subscriber: Tgr. (Aug 1 2019, 10:34 AM)

In theory, Nuke could easily be replaced by an OAuth-backed external tool - no risk of causing errors in production, easy for maintainers to improve without being encumbered by all the things that make MediaWiki development slow. OTOH handing out deletion grants to apps is not completely unheard of but still somewhat scary security-wise.