Page MenuHomePhabricator
Create Task
Maniphest T308876

Improve comments in mediawiki-config about IPInfo
Closed, ResolvedPublic1 Estimated Story Points
Actions

Description

We should:

  • Remove an outdated comment saying that IPInfo access should be revoked from beta admins before deploying to production. (This is no longer the case, as explained in T270347#7851971.)
  • Add a comment to CommonSettings.php explaining that IPInfo access should not be updated without getting approval from Legal first, to avoid violating our contract with MaxMind

Details

SubjectRepoBranchLines +/-
Add comment to consult Legal before updating IPInfo accessoperations/mediawiki-configmaster+3 -0
Remove outdated comment about IPInfo from CommonSettings-labs.phpoperations/mediawiki-configmaster+0 -1
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.May 20 2022, 4:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 20 2022, 4:11 PM
Tchanders updated the task description. (Show Details)May 20 2022, 4:27 PM
gerritbot added a comment.May 20 2022, 4:31 PM

Change 793848 had a related patch set uploaded (by Tchanders; author: Tchanders):

[operations/mediawiki-config@master] Remove outdated comment about IPInfo from CommonSettings-labs.php

https://gerrit.wikimedia.org/r/793848

gerritbot added a project: Patch-For-Review.May 20 2022, 4:31 PM

Change 793849 had a related patch set uploaded (by Tchanders; author: Tchanders):

[operations/mediawiki-config@master] Add comment to consult Legal before updating IPInfo access

https://gerrit.wikimedia.org/r/793849

Tchanders claimed this task.May 20 2022, 4:31 PM
Tchanders moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 8: The Flat Cap) board.
Tchanders set the point value for this task to 1.
Tchanders added a subscriber: Niharika.May 23 2022, 6:56 PM
  • Add a comment to CommonSettings.php explaining that IPInfo access should not be updated without getting approval from Legal first, to avoid violating our contract with MaxMind

@Niharika - should this say Legal or AHT?

Dzahn subscribed.May 23 2022, 9:20 PM

@Niharika also see T263263 and T288844 . That is where we added the Maxmind license used for these additional databases. The request and license was provided by AH.

Dzahn added a comment.May 23 2022, 11:31 PM

fwiw: I don't think we can actually violate the contract. If we added databases we don't have a license for or it expires.. it would just fail to fetch those databases and alert us about it.

gerritbot added a comment.May 24 2022, 8:03 PM

Change 793848 merged by jenkins-bot:

[operations/mediawiki-config@master] Remove outdated comment about IPInfo from CommonSettings-labs.php

https://gerrit.wikimedia.org/r/793848

Stashbot added a comment.May 24 2022, 8:08 PM

Mentioned in SAL (#wikimedia-operations) [2022-05-24T20:08:55Z] <cjming@deploy1002> Synchronized wmf-config/CommonSettings-labs.php: Config: [[gerrit:793848|Remove outdated comment about IPInfo from CommonSettings-labs.php (T308876)]] (duration: 00m 49s)

gerritbot added a comment.May 24 2022, 8:53 PM

Change 793849 merged by jenkins-bot:

[operations/mediawiki-config@master] Add comment to consult Legal before updating IPInfo access

https://gerrit.wikimedia.org/r/793849

Stashbot added a comment.May 24 2022, 8:54 PM

Mentioned in SAL (#wikimedia-operations) [2022-05-24T20:54:48Z] <cjming@deploy1002> Synchronized wmf-config/CommonSettings.php: Config: [[gerrit:793849|Add comment to consult Legal before updating IPInfo access (T308876)]] (duration: 00m 52s)

Maintenance_bot removed a project: Patch-For-Review.May 24 2022, 9:30 PM
Tchanders moved this task from Code Review 🔍 to Done Q4 2022 on the Anti-Harassment (AHaT Sprint 8: The Flat Cap) board.May 25 2022, 12:30 PM

Having spoken with @Niharika, the Legal team were advising on who could access IPInfo without violating our contract with MaxMind. (The concern is rights being given too widely to access the currently-available databases.)

Niharika added a comment.May 27 2022, 1:23 AM
In T308876#7951028, @Tchanders wrote:
  • Add a comment to CommonSettings.php explaining that IPInfo access should not be updated without getting approval from Legal first, to avoid violating our contract with MaxMind

@Niharika - should this say Legal or AHT?

Yup! While the AHT team is in charge of handing out the rights, it is the Legal team who are advising on who can access the information, conforming with the ToS for MaxMind. So we should keep "Legal" in the wording.

Niharika closed this task as Resolved.Jun 14 2022, 5:01 PM
Niharika moved this task from Backlog to Closed on the IP Info board.Aug 8 2022, 7:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits