Page MenuHomePhabricator
Create Task
Maniphest T254799

Rename wikimedia/password-blacklist library
Closed, ResolvedPublic
Actions

Description

"Blacklist" is a problematic term, and not descriptive. Why are these bad passwords?

Details

SubjectRepoBranchLines +/-
Update a few places to use new name "CommonPasswords"mediawiki/libs/CommonPasswordsmaster+5 -5
Remove PasswordBlacklist compatmediawiki/libs/CommonPasswordsmaster+1 -24
Deprecate PasswordNotInLargeBlacklistmediawiki/coremaster+23 -16
Replace password-blacklist with common-passwordsmediawiki/coremaster+3 -1
Replace password-blacklist with common-passwordsmediawiki/vendormaster+175 -100 K
Remove PasswordBlacklist from CIintegration/configmaster+0 -7
Rename library to CommonPasswordsmediawiki/libs/CommonPasswordsmaster+129 -106
Add CommonPasswords to CIintegration/configmaster+7 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT254646 Reconsidering how we name things
 ResolvedReedyT254799 Rename wikimedia/password-blacklist library

Event Timeline

cscott created this task.Jun 8 2020, 6:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 8 2020, 6:30 PM
cscott added a parent task: T254646: Reconsidering how we name things.Jun 8 2020, 6:30 PM
cscott mentioned this in T254796: Replace "blacklist" and "whitelist" with more appropriate terms.
Reedy subscribed.Jun 8 2020, 6:36 PM

common-passwords or something probably works going forward, as per

PasswordBlacklist is a password blacklist implemented to provide NIST best practices of black listing the 100,000 most used passwords.

cscott mentioned this in T254646: Reconsidering how we name things.Jun 8 2020, 6:36 PM
Legoktm subscribed.Jun 8 2020, 10:44 PM

We need a phab project for this library.

common-passwords sounds good to me. If we think it's likely we add in another list of passwords in the future, then maybe password-list?

Technically, to rename the library we need to update composer.json with the new name, putting the old name in replace, submit the new library to packagist and abandon the old one. And then our own side of things to rename the git repo, CI, docs, etc.

Reedy added a comment.Jun 8 2020, 10:54 PM

password-list seems odd; why would you have a list of passwords.. :)

ill-advised-passwords, forbidden-passwords, rejected-passwords, stop-using-that-password...

I suspect we could have other password lists later, or larger ones etc.

Reedy claimed this task.Jun 8 2020, 11:20 PM

Anyway. Decide on a name and I'll clean this one up seeing as I named it originally

Izno added a project: MediaWiki-User-login-and-signup.Jun 9 2020, 2:18 AM
Aklapper added a comment.Jun 9 2020, 5:35 AM
In T254799#6204188, @Legoktm wrote:

We need a phab project for this library.

Feel free to request one if its maintainers/code stewards agree.

Reedy added a comment.Jun 11 2020, 12:56 AM

Any further ideas/suggestions on what the new name should be? :)

Aklapper added a comment.Jun 11 2020, 5:37 AM

common-passwords or common-password-denylist. Shrug.

gerritbot added a comment.Jun 11 2020, 1:31 PM

Change 604705 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/libs/CommonPasswords@master] Rename library to CommonPasswords

https://gerrit.wikimedia.org/r/604705

gerritbot added a project: Patch-For-Review.Jun 11 2020, 1:31 PM
Reedy edited projects, added CommonPasswords; removed MediaWiki-User-login-and-signup.Jun 11 2020, 1:32 PM
gerritbot added a comment.Jun 11 2020, 1:35 PM

Change 604706 had a related patch set uploaded (by Reedy; owner: Reedy):
[integration/config@master] Add CommonPasswords to CI

https://gerrit.wikimedia.org/r/604706

gerritbot added a comment.Jun 11 2020, 1:35 PM

Change 604707 had a related patch set uploaded (by Reedy; owner: Reedy):
[integration/config@master] Remove PasswordBlacklist from CI

https://gerrit.wikimedia.org/r/604707

gerritbot added a comment.Jun 11 2020, 1:36 PM

Change 604706 merged by jenkins-bot:
[integration/config@master] Add CommonPasswords to CI

https://gerrit.wikimedia.org/r/604706

Stashbot added a comment.Jun 11 2020, 1:37 PM

Mentioned in SAL (#wikimedia-releng) [2020-06-11T13:37:05Z] <Reedy> Reloading Zuul to deploy https://gerrit.wikimedia.org/r/604706 T254799

gerritbot added a comment.Jun 11 2020, 2:10 PM

Change 604705 merged by jenkins-bot:
[mediawiki/libs/CommonPasswords@master] Rename library to CommonPasswords

https://gerrit.wikimedia.org/r/604705

gerritbot added a comment.Jun 11 2020, 2:20 PM

Change 604721 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/vendor@master] Replace password-blacklist with common-passwords

https://gerrit.wikimedia.org/r/604721

gerritbot added a comment.Jun 11 2020, 2:32 PM

Change 604726 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Replace password-blacklist with common-passwords

https://gerrit.wikimedia.org/r/604726

gerritbot added a comment.Jun 11 2020, 2:32 PM

Change 604727 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Deprecate PasswordNotInLargeBlacklist

https://gerrit.wikimedia.org/r/604727

gerritbot added a comment.Jun 11 2020, 2:34 PM

Change 604729 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/libs/CommonPasswords@master] Remove PasswordBlacklist compat

https://gerrit.wikimedia.org/r/604729

gerritbot added a comment.Jun 11 2020, 2:38 PM

Change 604707 merged by jenkins-bot:
[integration/config@master] Remove PasswordBlacklist from CI

https://gerrit.wikimedia.org/r/604707

Stashbot added a comment.Jun 11 2020, 2:44 PM

Mentioned in SAL (#wikimedia-releng) [2020-06-11T14:44:33Z] <Reedy> rm -rf doc1001:/srv/docroot/org/wikimedia/doc/mediawiki-libs-PasswordBlacklist T254799

Reedy updated the task description. (Show Details)Jun 11 2020, 2:50 PM
Reedy updated the task description. (Show Details)
gerritbot added a comment.Jun 15 2020, 6:32 PM

Change 604721 merged by jenkins-bot:
[mediawiki/vendor@master] Replace password-blacklist with common-passwords

https://gerrit.wikimedia.org/r/604721

gerritbot added a comment.Jun 15 2020, 6:33 PM

Change 604726 merged by jenkins-bot:
[mediawiki/core@master] Replace password-blacklist with common-passwords

https://gerrit.wikimedia.org/r/604726

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.37; 2020-06-16).Jun 15 2020, 7:00 PM
gerritbot added a comment.Jun 15 2020, 7:16 PM

Change 604727 merged by jenkins-bot:
[mediawiki/core@master] Deprecate PasswordNotInLargeBlacklist

https://gerrit.wikimedia.org/r/604727

Reedy updated the task description. (Show Details)Jun 15 2020, 9:40 PM
gerritbot added a comment.Jun 16 2020, 11:56 AM

Change 604729 merged by jenkins-bot:
[mediawiki/libs/CommonPasswords@master] Remove PasswordBlacklist compat

https://gerrit.wikimedia.org/r/604729

gerritbot added a comment.Jun 16 2020, 6:08 PM

Change 605980 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Deprecate PasswordCannotMatchBlacklist

https://gerrit.wikimedia.org/r/605980

dom_walden mentioned this in T256374: "No check defined for 'PasswordNotInCommonBlacklist'" on beta.Jun 25 2020, 2:35 PM
dom_walden subscribed.

@Reedy Is this related: T256374?

Reedy added a comment.Jun 25 2020, 2:38 PM
In T254799#6256659, @dom_walden wrote:

@Reedy Is this related: T256374?

Kinda. But more I fudged https://gerrit.wikimedia.org/r/#/c/operations/mediawiki-config/+/605904/

Reedy closed this task as Resolved.Aug 26 2020, 7:35 PM
Reedy removed a project: Patch-For-Review.
Reedy updated the task description. (Show Details)
gerritbot added a comment.Apr 16 2021, 12:20 AM

Change 680008 had a related patch set uploaded (by DannyS712; author: DannyS712):

[mediawiki/libs/CommonPasswords@master] Update references to old name "PasswordBlacklist"

https://gerrit.wikimedia.org/r/680008

gerritbot added a project: Patch-For-Review.Apr 16 2021, 12:20 AM
DannyS712 subscribed.Apr 16 2021, 12:25 AM

PasswordBlacklist is also still listed at https://doc.wikimedia.org/cover/ (along with CommonPasswords - maybe just the old entry needs deletion?) but I couldn't figure out where the data for that comes from

Stashbot added a comment.Apr 16 2021, 12:30 AM

Mentioned in SAL (#wikimedia-operations) [2021-04-16T00:30:57Z] <Krinkle> Delete old data at doc1001:/srv/doc/cover/PasswordBlacklist (ref T254799)

gerritbot added a comment.Apr 16 2021, 3:15 PM

Change 680008 merged by jenkins-bot:

[mediawiki/libs/CommonPasswords@master] Update a few places to use new name "CommonPasswords"

https://gerrit.wikimedia.org/r/680008

DannyS712 removed a project: Patch-For-Review.Apr 16 2021, 3:32 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits