Page MenuHomePhabricator

Implement new signature requirements
Open, Needs TriagePublic

Description

In T247046, we publicized a request for volunteers to share their feedback about the proposal to codify signature requirements in Wikipedia's software. [1]

This task represents the resulting work involved with implementing the new requirements and making the people affected by these new requirements aware of them.

Final requirements

The user signatures requirements that will be implemented as part of this project will be limited to those which directly affect the reliability of DiscussionTools. With this in mind, the changes that will be implemented are as follows:

Requirement nameDescriptionImplementation ticket
1. Disallow unclosed HTML tagsThe scope of this requirement will be narrower than how it was defined in the original proposal. Obsolete HTML tags within signatures will not be affected by the changes we are making as part of this proposal. A requirement to disallow obsolete HTML tags was present in the original proposal and have since been removed as they do not directly affect the reliability of DiscussionTools.T140606
2. Disallow abuses of nested substitutionsThe scope of this requirement will be implemented in the same way it was defined in the original proposal.T230652
3. Require a link to user page, talk page or contributionsThe scope of this requirement will be implemented in slightly more specific way than it was defined in the original proposal: signatures will be required to contain at least one local link.T237700

Implementation plan

The "Final requirements" will be implemented and communicated as follows:

StepDescriptionTicket
1. Post final requirements and implementation plan to proposal pageThe contents of what should be posted to the project page are listed in the "Update contents" section above.**T254613
2. Notify the people who are likely to get asked questions once the changes are implementedPost consultation outcomes to relevant technical spaces (e.g. tech news, village pump technical, bot operators' noticeboard, etc.)T254614
3. Implement software changesDeploy T140606, T230652 and T237700. Note: people with non-compliant signatures will not be affected at this point; they will still be able to use their signatures as they are, even after these changes are implemented.T140606 T230652 T237700
4. Post messages on the user talk pages of every person affected.Messages will be sent to every person whose signatures do not meet the new requirements. These messages will be sent in phases, so not as to overwhelm people likely to receive questions about these changes.T254616
5. Remind people who have not yet updated their signature of upcoming changesThis is the final message that will be sent to people notifying them that if they do not update their signatures by a to be determined date, the next time they attempt to sign a comment, their signature will be replaced with the default signature.T254619
6. Replace invalid signatures with defaultAt a time that has not yet been determined, existing signatures made invalid by any of the changes introduced in T140606, T230652 or T23770 will get replaced by a default signature.T255324

Open questions

  • How can changes be implemented gradually so we can A) identify unexpected issues and B) ensure we have the capacity to respond to peoples' questions?
    • See "Step 4" in "Implementation plan": messages will be sent in phases.
  • Will links to other WMF projects be allowed in signatures?
    • Yes, but signatures will need to contain at least one local link.

Done


  1. https://www.mediawiki.org/wiki/Talk:New_requirements_for_user_signatures
  2. https://www.mediawiki.org/wiki/New_requirements_for_user_signatures

Related Objects

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

On 7-April, Bartosz, Sherry and I met to discuss the "Update contents" listed in the task description (e.g. what changes will be implemented, when they will be implemented, how people will be made aware, etc.).

The outcomes of that conversation, as well as some thoughts that emerged from it and the on-wiki conversations, are in the comment below (T248632#6159036).

Some of what is described in T248632#6159036 requires additional work to be done. Before creating tasks for that work, we will meet to discuss it.

Next steps

  • Bartosz, Sherry and I will meet to discuss the contents of T248632#6159036 and the remaining "Open questions" (see task description).
  • @matmarex + @Whatamidoing-WMF : before we meet, can you both please review the contents of TICKET with the following questions in mind?
    • What – if anything – is unexpected about the below?
    • What – if anything – do you think should be added to the below?

Update contents / implementation plan

I. The signature requirements the team will implement

The user signatures requirements that will be implemented as part of this project will be limited to those which directly affect the reliability of DiscussionTools. With this in mind, the changes that will be implemented are as follows:

  • 1. Disallow unclosed HTML tags
    • The scope of this requirement will be narrower than how it was defined in the original proposal.
    • Obsolete HTML tags, misnested tags and stripped tags within signatures will not be affected by the changes we are making as part of this proposal. These additional requirements were present in the original proposal and have since been removed as they do not directly affect the reliability of DiscussionTools.
  • 2. Disallow abuses of nested substitutions
    • The scope of this requirement will be implemented in the same way it was defined in the original proposal.
  • 3. Require a link to user page, talk page or contributions
    • @matmarex: we talked about expanding the scope of this requirement slightly to require said links to be local/internal links...what are the consequences of not specifying these links be local wikiilnks? What – if any – DT functionality would be negatively impacted by not requiring signatures to include local wikiilnks?
      • As you alluded to in T237700, it seems policies across wikis vary on this. For example: es.wiki seems to allow links to other WMF projects, "The firm must not include external links to sites other than Wikimedia Foundation projects". (translated) [1]. it.wiki's policy reads, "Publishing a link to an external site every time you sign a comment is an act generally similar to spamming."
      • Absent of: 1) consistency across policies on whether links to other wikis are NOT permissable and 2) links to a user's user page, talk page or contributions at another WMF project negatively impacting the reliability of DiscussionTools, I do not think we should expand the scope of this requirement to include a link to a local wikipage.

II. What the team will do about existing signatures that don't meet the new guidelines

  • When people with "invalidated" signatures attempt to post, their customized signature will be replaced with what that wiki has defined as the default user signature. On en.wiki, the default format is: [[User:NAME|NAME]] ([[User_talk:NAME|talk]]) TIME, DAY MONTH, YEAR (UTC) [1]
    • See below for how these changes will be implemented and communicated.

III. How and where will these changes be communicated

STEP 1: make people who have been following and involved with this consultation aware of its outcomes

  • Timing
    • As soon as this plan has been agreed upon.
  • Actions
    • A. Update project page to include a new section titled, "Consultation outcomes."
      • Contents
        • Summary of what will be changed
        • When these changes will be made
        • How these changes were decided upon
        • How these changes will be communicated

STEP 2: make people whose signature will become outdated aware of changes

  • Timing
    • As soon as "STEP 1" has been completed
  • Actions
    • A. Send mass message to people whose signatures will become outdated by change
      • Contents
        • What is changing
        • When these changes will be made
        • What they need to do to make their signature compliant with the new requirements
        • What will happen if they do not make their signature compliant with the new requirements by the time they go into effect
        • Why these changes are being made
        • How these changes were decided upon
        • Where they can go to learn more about these changes
    • B. Post on project page announcing mass messages have been sent to people whose signatures will be affected

STEP 3: Prevent new signatures from being saved that violate new requirements.

  • Timing
    • As soon as "STEP 2" has been completed
  • Actions
    • A. Implement validation errors
    • B. Post update to project page announcing implementation of validation errors.

STEP 4: make people who are likely to be interested in these changes aware of them

  • Timing
    • As soon as "STEP 3" has been completed
  • Actions
    • A. Post consultation outcomes to relevant technical spaces (e.g. tech news, village pump technical, bot operators' noticeboard, etc.)
      • Contents
        • Shortened versions of what we'll have posted to the project page in STEPS 1, 2 and 3
        • Instructions for how people can follow the progress of these changes (watching project page)

STEP 5: remind people whose signature will become outdated about forthcoming changes

  • Timing
    • > ≥ 2 months after "STEP 2"
  • Actions
    • A. Send second mass message to people whose signature will be invalidated
      • Contents
        • Date when they will no longer be able to use their now-invalidated signature
        • What will happen if/when they try to save a comment with a now-invalidated signature
    • B. Post on project page announcing mass messages have been sent to people whose signatures will be affected

STEP 6: When someone, with a now-invalidated signature, attempts to save a comment with their signature, replace said signature with that wiki's default.

  • Timing
    • Some TBD time after "STEP 5"
  • Actions
    • A. Write patches
    • B. Post on project page announcing patches have been written

  1. https://en.wikipedia.org/wiki/Wikipedia:Signatures

I am disappointed that obsolete tags are not being addressed in this phase. It seems like this means that obsolete tags are not really a problem to be fixed, if the WMF is willing to implicitly encourage them to proliferate on project pages. Perhaps the Linter "obsolete tag" checking should be deactivated, for consistency.

We asked for this signature validation four years ago (in task T140606, if not earlier), and this half-measure (or maybe two-thirds measure, depending on the answer to the question below) is as much as we are getting. Perhaps WMF should give up on some of this Linter stuff if it is unwilling to support the community's efforts to reduce new error proliferation.

Can you please clarify the types of Linter errors that will be ignored in signatures? There are two types of misnesting errors, one of which is a high priority error and one of which is medium priority. Based on the description above, my assumption is that obsolete HTML (low priority), stripped tags (low priority), and the medium-priority misnesting error will be ignored in the signature validation, but all other Linter errors will be disallowed. Is that accurate?

  • 3. Require a link to user page, talk page or contributions
    • As you alluded to in T237700, it seems policies across wikis vary on this. For example: es.wiki seems to allow links to other WMF projects, "The firm must not include external links to sites other than Wikimedia Foundation projects". (translated) [1]. it.wiki's policy reads, "Publishing a link to an external site every time you sign a comment is an act generally similar to spamming."

The policies you've quoted here say only that you can't put https://www.MyBlog.com into your sig. It does not say anything (either way) about whether a link to your local/global/any user page is required.

III. How and where will these changes be communicated

STEP 2: make people whose signature will become outdated aware of changes
STEP 3: Prevent new signatures from being saved that violate new requirements.
STEP 4: make people who are likely to be interested in these changes aware of them
STEP 5: remind people whose signature will become outdated about forthcoming changes

This is the wrong order. The correct order is:

  1. Warn the tech folks about incoming questions ("STEP 4")
  2. Stop the bleeding ("STEP 3")
  3. Ask affected people to update their sigs ("STEP 2")

"Warn the tech folks" and "Stop the bleeding" should happen in rapid succession. After that, we can take months to "Ask people".

The reason that we should use this order is because:

  • As soon as we stop the bleeding, the tech folks will get questions: How come I can't use the same style sig as that old editor? It won't save!
  • It will be much (much much much much) easier for non-technical people to update their sigs if the software no longer lets them save an invalid sig. If we "tell people" first, and "stop the bleeding" afterwards, then some people will dutifully try to fix their sig problem, put in another invalid sig, and then be very frustrated when they discover that the new sig is broken, too.

I'm not sure that your Step 5 to "Remind people" is necessary (beyond a note in Tech News). If people haven't fixed their broken sigs already, then they probably don't want to bother with it. However, if there's a year in between the original request and disabling invalid sigs, then a reminder is probably appropriate. (If we do it, "Remind people" should be close to the date when invalid sigs will disappear. A deadline of "tomorrow" focuses the attention better than "next month".)

This is the wrong order. The correct order is:

  1. Warn the tech folks about incoming questions ("STEP 4")
  2. Stop the bleeding ("STEP 3")
  3. Ask affected people to update their sigs ("STEP 2")

"Warn the tech folks" and "Stop the bleeding" should happen in rapid succession. After that, we can take months to "Ask people".

This is all correct, and it is important that these steps happen in rapid succession, as part of a scheduled plan that does not get interrupted or delayed indefinitely along the way. Please dedicate some actual resources to it and follow through.

In the past, WMF has announced that a change is coming (e.g. removal of magic links, which was announced in 2017 and still hasn't happened; see task T145604), diligent editors have worked hard to prepare for the change, and then WMF has failed to follow through. When this happens, WMF loses credibility, and the editors who ran around making a bunch of edits lose trust in WMF staff. I know life is crazy, and resources are always tight, but if you set expectations, you have to do what you say you are going to do. Let's use this task as an example of how the developer/editor partnership can work well.

I am disappointed that obsolete tags are not being addressed in this phase. It seems like this means that obsolete tags are not really a problem to be fixed, if the WMF is willing to implicitly encourage them to proliferate on project pages. Perhaps the Linter "obsolete tag" checking should be deactivated, for consistency.

We asked for this signature validation four years ago (in task T140606, if not earlier), and this half-measure (or maybe two-thirds measure, depending on the answer to the question below) is as much as we are getting. Perhaps WMF should give up on some of this Linter stuff if it is unwilling to support the community's efforts to reduce new error proliferation.

I wouldn't say they are "not a problem", but it's a relatively low severity problem. Also, this project is largely motivated by the needs of the DiscussionTools extension, and obsolete tags do not cause any issues in DiscussionTools. Sorry.

There have been many comments on the talk page worrying that this is not a good idea ("Support, but not sure about font"; "Support link, oppose linter"), and we're trying to limit ourselves to the less controversial improvements, so that we can actually make some changes, and not annoy and disrupt editors too much in the process.

If you convince the community of English Wikipedia (or any other project) that they should disallow obsolete HTML tags in signatures, then I'd be happy to make a config change that would enforce that (for that project only). But I don't think we can lead that effort.

Can you please clarify the types of Linter errors that will be ignored in signatures? There are two types of misnesting errors, one of which is a high priority error and one of which is medium priority. Based on the description above, my assumption is that obsolete HTML (low priority), stripped tags (low priority), and the medium-priority misnesting error will be ignored in the signature validation, but all other Linter errors will be disallowed. Is that accurate?

There was a mistake in @ppelberg's comment, I think it is my fault for not communicating the details clearly. Only obsolete HTML tags will remain allowed; all other lint errors, including misnested tags (both kinds) and stripped tags, will cause the signature to be invalid.

(Of course many of the lint error types are unlikely to appear in signatures, e.g. you probably won't have "Unclosed quote in heading" in your signature, but it will be invalid in case you try doing such a thing)

The comment should have been like this:

  • 1. Disallow unclosed HTML tags
    • The scope of this requirement will be narrower than how it was defined in the original proposal.
    • Obsolete HTML tags, misnested tags and stripped tags within signatures will not be affected by the changes we are making as part of this proposal. These additional requirements were present in the original proposal and have since been removed as they do not directly affect the reliability of DiscussionTools.

Thank you for this response. It was very clear.

Has a "Disallow obsolete HTML tags in signatures" Phab task been filed? The Editing team isn't doing that now, but there's no rule and no consensus against making that change separately, at a later time.

@Jonesey95, I'm the main bottleneck for those three steps. Expect me to come looking for your help.

ppelberg renamed this task from Publicize outcomes of new signature proposal discussions to Implement new signature requirements.Jun 5 2020, 5:22 PM
ppelberg updated the task description. (Show Details)
ppelberg updated the task description. (Show Details)

Next steps
I've represented all that we've discussed about what changes will be made and how they will be made in this task's description and the tickets contained within.

  • 1. @matmarex and ✅@Whatamidoing-WMF: can y'all please tell me whether there is anything unexpected in the task description and the tickets contained within?
  • 2. Once "1." is complete, we can start the next phase of this work.

EDIT: @Whatamidoing-WMF has reviewed see T248632#6208336

Task description update

  • ADDED:
6. Replace invalid signatures with defaultAt a time that has not yet been determined, existing signatures made invalid by any of the changes introduced in T140606, T230652 or T23770 will get replaced by a default signature.T255324
3. Implement software changesDeploy T140606, T230652 and T237700. Note: people with non-compliant signatures will not be affected at this point; they will still be able to use their signatures as they are, even after these changes are implemented.T140606 T230652 T237700

I've updated the patch that implements this (https://gerrit.wikimedia.org/r/c/mediawiki/core/+/569062) and it's ready for code review.

By default it only displays a message in Preferences, so we can merge it at any time without disrupting anyone.

It has configuration options to disallow new invalid signatures, and to disallow all invalid signatures, which we can toggle as part of step 4 (I'm not sure if that would happen before or after posting the messages?) and step 6.

Change 608619 had a related patch set uploaded (by Bartosz Dziewoński; owner: Bartosz Dziewoński):
[operations/mediawiki-config@master] Enable validation of new signatures

https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/ /608619

Change 608621 had a related patch set uploaded (by Bartosz Dziewoński; owner: Bartosz Dziewoński):
[operations/mediawiki-config@master] Enable validation of new signatures on Beta Cluster

https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/ /608621

Change 608621 merged by jenkins-bot:
[operations/mediawiki-config@master] Enable validation of new signatures on Beta Cluster

https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/ /608621

Change 608619 merged by jenkins-bot:
[operations/mediawiki-config@master] Enable validation of new signatures

https://gerrit.wikimedia.org/r/608619

Mentioned in SAL (#wikimedia-operations) [2020-07-06T18:30:56Z] <urbanecm@deploy1001> Synchronized wmf-config/InitialiseSettings.php: adffbe6: Enable validation of new signatures (T248632) (duration: 00m 57s)

This task appears to be stalled. There are currently 188 editors listed on https://signatures.toolforge.org/reports/en.wikipedia.org and that report is limited to editors who have posted on discussion pages in the previous three months. What needs to happen to eliminate non-compliant signatures?

Technically all that's required is to set $wgSignatureValidation = 'disallow'; in the configuration. Someone just needs to make sure that it's appropriate to do so, by sending announcements or holding discussions etc.

It appears that the "signature too long post substitution" detection is not working properly. As an example, user Adam Cuerden is listed at https://signatures.toolforge.org/reports/en.wikipedia.org but their expanded sig is fine. The problem may be that the tool does not fully expand the signature before testing it. See https://signatures.toolforge.org/check/en.wikipedia.org/Adam%20Cuerden

I'll casually pile on to say there's the same issue with my signature, which automatically changes based on the date, and is well under the limit after actually being saved to the page: https://signatures.toolforge.org/check/en.wikipedia.org/The%20Earwig

To be clear, validation at https://signatures.toolforge.org is completely unrelated to the validation of requirements in MediaWiki. If you're not seeing any warnings at https://en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-signature, your signature is okay, and you will not be affected if the configuration is changed to disallow invalid signatures. (Sadly there's no way to check this for other people.)

signatures.toolforge.org uses the expandtemplates API, which does not expand parserfunctions. In theory the parse API would work better, but I haven't investigated it.

I have closed an English Wikipedia RfC (permalink) finding consensus to apply signature validation to existing signatures ($wgSignatureValidation = 'disallow';), provided affected users are notified a month in advance.