Page MenuHomePhabricator

Create SecurePoll voter list for 2021 board vote
Closed, ResolvedPublic


bv2021/populateEditCount.php is backported and deployed and is now running on mwmaint2002. This will insert local edit counts into the bv2021_edits table on each wiki.

Previously, bv2017/voterList.php was used to iterate through all global users, aggregating local edit counts and adding qualified voters to the centralauth.securepoll_lists table. I think this script would be a good candidate for some light refactoring, moving the constants out to command line arguments so that the script doesn't need to be copied and modified for each election. The idea is that I have until populateEditCount.php completes to get that done, which will probably be a few days.

After securepoll_lists is populated, an election can be created with the name of the list in the need-central-list property. This property is not accessible via the web UI.

If populateEditCount.php takes too long, there are couple of optimisation measures that could be used:

  • Skipping users with user_editcount = 0. Best if done in large batches along with the actor query.
  • Limiting the count to 300 with Database::selectRowCount() instead of SELECT COUNT(*)

But if it's fast enough, any further work on populateEditCount.php would wait until after the election.

Event Timeline

I don't know whether this is relevant here or only in T287023: Sending two mass emails to eligible voters for the board elections 2021, but just in case, I'll mention the need to skip bot accounts.

In previous years the requirement that the voter not be a bot has been implemented by rejecting the user when they attempt to vote, based on whether they have the "bot" user right on the local wiki on which they jump from. So if a user has the "bot" right on one wiki, and does not have it on another wiki, they may vote by going to the other wiki. This would seem to be supported by the language of the eligibility criteria, although it's likely that technical requirements informed the criteria rather than the criteria informing the implementation.

Note that edits made on a wiki in which the user is a bot do count towards the edit count criteria. So a bot on could attach an account on some random wiki, say, and may then vote from on the strength of their bot edits made on It would make more sense if bot accounts were disqualified if they have the bot right on any attached wiki.

For the purposes of sending emails, we will have a global user list of voters qualified by edit counts alone, including bots and blocked users. In previous elections, emails were apparently sent to all users on this list. To exclude bots, we could check bot rights on all attached accounts as we extract email addresses from the global user list. Thus we would not send emails to bots even if they are qualified under the loophole discussed above.

Or we could disqualify bots by removing them from the global voter list if they have bot rights anywhere, taking a broader definition of a bot and closing the loophole. Then such bots would naturally not receive a notification and would not be allowed to vote.

Note that bot rights can change. A user might be a bot now, but cease to be a bot before the election. We could disqualify users who are bots now, and consider on a case-by-case basis whether to allow users who cease to be bots, if they make a request to an election administrator.

populateEditCount.php status:

  • enwiki is still running, it's done 25M of 42M users.
  • s3 got stuck for a while on loginwiki. I killed it, since loginwiki only has 37 edits in total. Now it's up to mediawikiwiki.

populateEditCount.php is done. The next step is makeGlobalVoterList.php which I'll start soon. It should be much quicker than populateEditCount.php.

Election committee says: do not change the qualification rules for bots at this stage. I have a script almost ready which will find all bots globally and add them to a SecurePoll list. I think I'll run it and use it for email filtering, but it will not affect qualifications.

Mentioned in SAL (#wikimedia-operations) [2021-08-06T03:54:06Z] <tstarling@deploy1002> Synchronized php-1.37.0-wmf.17/extensions/SecurePoll/cli/wm-scripts/makeGlobalVoterList.php: need to run this script T288025 (duration: 00m 57s)

This is done. There are 67305 voters qualified by edit count, including bots and blocked users. I looked at the first 100 entries by gu_id, and it seemed plausible.

I documented the process at