Code Stewardship Review: SpamBlacklist
Open, MediumPublic
Actions

Assigned To

None

Authored By

	Jrbranaa
	Jun 3 2019, 6:16 PM

Description

Intro

The SpamBlacklist extension's presumed Code Steward is actually not the Code Steward. There's been some outstanding production errors that have been occurring for over a year in addition to some CI instability issues.

Number, severity, and age of known and confirmed security issues

TBD

Was it a cause of production outages or incidents? List them.

TBD

Does it have sufficient hardware resources for now and the near future (to take into account expected usage growth)?

n/a

Is it a frequent cause of monitoring alerts that need action, and are they addressed timely and appropriately?

Yes, there have been some ongoing errors in production (see T148639→T64864).

When it was first deployed to Wikimedia production

unknown

Usage statistics based on audience(s) served

TBD

Changes committed in last 1, 3, 6, and 12 months

TBD

Reliance on outdated platforms (e.g. operating systems)

n/a

Number of developers who committed code in the last 1, 3, 6, and 12 months

TBD

Number and age of open patches

TBD

Number and age of open bugs

TBD

Number of known dependencies?

TBD

Is there a replacement/alternative for the feature? Is there a plan for a replacement?

Uknown

Submitter's recommendation (what do you propose be done?)

none

Related Objects

Mentioned In: T352827: Directory traversal allows single-page whitelisting to override entire spam-blacklist entry
Mentioned Here: T251047: Spam blacklist lets edits through
T64864: SpamBlacklist: Fix "PHP Warning: preg_match(): Compilation failed: nothing to repeat" in EmailBlacklist
T148639: SpamBlacklist is escaping/validating patterns incorrectly - "Compilation failed: nothing to repeat at offset 13"

Event Timeline

Jrbranaa created this task.Jun 3 2019, 6:16 PM

Restricted Application added a project: Release-Engineering-Team (Kanban). · View Herald TranscriptJun 3 2019, 6:16 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

matmarex updated the task description. (Show Details)Jun 4 2019, 6:09 PM

Hello @marcella, this extension came up as a Code Stewardship review request, but I've noticed that it is marked as being stewarded by the Editing team on developers/maintainers page. Just checking to see what the actual Code Stewardship status is before I dig any deeper.

@marcella: Could you please elaborate if the WMF Editing Team is responsible for the SpamBlacklist extension? Thanks.

greg edited projects, added Release-Engineering-Team-TODO (201907); removed Release-Engineering-Team (Kanban).Jul 1 2019, 9:25 PM

greg moved this task from INBOX to Ready on the Release-Engineering-Team-TODO (201907) board.Jul 1 2019, 9:27 PM

greg triaged this task as Medium priority.Jul 3 2019, 10:29 PM

greg edited projects, added Release-Engineering-Team-TODO; removed Release-Engineering-Team-TODO (201907).Jul 6 2019, 4:33 AM

greg moved this task from Should be empty (use Release-Engineering-Team) to Next on the Release-Engineering-Team-TODO board.Jul 6 2019, 5:25 AM

greg added a project: Release-Engineering-Team (Code Health).Jul 6 2019, 5:56 AM

In T224921#5292216, @Aklapper wrote:

@marcella: Could you please elaborate if the WMF Editing Team is responsible for the SpamBlacklist extension? Thanks.

This extension is not currently maintained by the WMF Editing Team. We have no specialized knowledge or skills among the team engineers to support this extension. I'll update the developers/maintainers page to reflect that we are not actively maintaining it.

Jrbranaa moved this task from Backlog to In Review on the Code-Stewardship-Reviews board.Jul 31 2019, 10:01 PM

The form seems a little underfilled out... There was basically one production error which arguably was intentional behaviour (albeit maybe a poor design choice not to suppress it)

Anomie subscribed.Aug 5 2019, 12:55 PM

Nikerabbit subscribed.Aug 21 2019, 1:23 PM

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:02 PM

Beetstra subscribed.Oct 22 2020, 11:55 AM

Still waiting for a code review 1+ year later at https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SpamBlacklist/+/505688.

In T224921#5382785, @Bawolff wrote:

There was basically one production error which arguably was intentional behaviour (albeit maybe a poor design choice not to suppress it)

At the Wikidata project, we have been struggling to use this extension as it does not seem to behave as documented. We add URLs to the blacklist and the API confirms that they are blocked, but editors can go right ahead and add them anyway. See T251047 where this was reported a year ago, but we still have no guidance on whether we should even keep attempting to use this anti-vandalism tool.

thcipriani removed a project: Release-Engineering-Team (Code Health).Apr 20 2021, 12:00 AM

thcipriani removed a project: Release-Engineering-Team-TODO.Apr 20 2021, 12:01 AM

Removing task assignee due to inactivity, as this open task has been assigned for more than two years (see emails sent to assignee on May26 and Jun17, and T270544). Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be very welcome!

(See https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator.)

For everyone's info, currently no Code-Stewardship-Reviews are taking place as there is no clear path forward and as this is not prioritized work.
(Entirely personal opinion: I also assume lack of decision authority due to WMF not having a CTO currently. However, discussing this is off-topic for this task.)

Peachey88 added a project: SpamBlacklist.May 18 2023, 9:43 AM

sbassett mentioned this in T352827: Directory traversal allows single-page whitelisting to override entire spam-blacklist entry.Dec 6 2023, 7:42 PM

Code Stewardship Review: SpamBlacklistOpen, MediumPublicActions

Description

Related Objects

Event Timeline

Code Stewardship Review: SpamBlacklist
Open, MediumPublic
Actions