@ifried Noting that the patch for adding the policy message is still under review (T309332). If we need to change it, I'd suggest changing the AC of that task and closing this one, so that I can update the patch with the new version already.

@Daimona Thanks for the update! I need to confirm the finalized language based on feedback from Legal (which I will be working on getting next week, hopefully). In that case, would you prefer to keep T309332 under review until we get the information? I'm open to whatever process works best for folks.

In T316408#8190355, @Daimona wrote:

@ifried Noting that the patch for adding the policy message is still under review (T309332). If we need to change it, I'd suggest changing the AC of that task and closing this one, so that I can update the patch with the new version already.

Actually, we may or may not want to do that... The previous message (mentioning terms of use and privacy policy) is Wikimedia-specific and not for third parties. The question is whether the messages described here (about the username being publicly displayed and tracking tools) should also be Wikimedia-only or also for third parties. If we want them to appear for third parties as well, it's fine to keep this as a separate task.

Hmmm, good question. The suggestions for these new messages *did* come from internal Wikimedia teams, but they apply to general functionality that would apply to all users (i.e., usernames are displayed, and organizers can push usernames to tracking tools like the P+E Dashboard). This means that it could be helpful to anyone who uses our tools, including third-party users. I've made a note to ask Legal what they recommend in a follow-up meeting, but I'm inclined to think that these messages could be useful for all use cases (including third-party).

In T316408#8190478, @ifried wrote:

Hmmm, good question. The suggestions for these new messages *did* come from internal Wikimedia teams, but they apply to general functionality that would apply to all users (i.e., usernames are displayed, and organizers can push usernames to tracking tools like the P+E Dashboard). This means that it could be helpful to anyone who uses our tools, including third-party users. I've made a note to ask Legal what they recommend in a follow-up meeting, but I'm inclined to think that these messages could be useful for all use cases (including third-party).

Yup, I agree with that, and it would possibly make things simpler. Let's keep this as a separate task then.

Sounds good. Thanks for helping me flesh that out.

Just to clarify, is this a requirement for DS since it comes from Legal/Sec/T&S? @ifried @vyuen

@Daimona Yes, it is a requirement from DS for the reasons you mentioned.

@ifried Thank you, just one note re confidential registration. T317320 is still in progress, but IIRC one of the options is to add a checkbox to the policy modal. In that case, maybe the text should be rearranged so that the part about usernames appearing on the event page would be the label for the checkbox. So maybe we should wait until T317320 is done before finalizing the language here.

@Daimona Right after I wrote that it is a part of dark ship, I wondered, 'Wait, is it?' Since the purpose of dark ship is just to fulfill the technical must-haves, and it will not be used by anyone yet, it is probably fine to save this work to the General Release since it is only necessary when people actually register for events. What do you think? Does that make sense?

As to your second point: Thanks for the update! In that case, yes, I agree that we should wait for T317320 to be completed before we finalize this language. I will add a note about this dependency to the ticket.

In T316408#8245838, @ifried wrote:

@Daimona Right after I wrote that it is a part of dark ship, I wondered, 'Wait, is it?' Since the purpose of dark ship is just to fulfill the technical must-haves, and it will not be used by anyone yet, it is probably fine to save this work to the General Release since it is only necessary when people actually register for events. What do you think? Does that make sense?

It makes sense to me, but I don't know if Legal/T&S would agree. The same thing could be said about confidential registration, yet we're trying to squeeze it in ASAP.

@ifried @Daimona neither this nor the confidential registration stuff (T316405) are necessary for Darkship, but rather for V1. This ticket was included in DS only because it was an already in-progress item when I was sorting out the DS requirements. If this has an external dependency that will take some time, we should move it out of DS to reflect what's absolutely necessary for that ship -- doing that now :)

In T316408#8247705, @vyuen wrote:

@ifried @Daimona neither this nor the confidential registration stuff (T316405) are necessary for Darkship, but rather for V1. This ticket was included in DS only because it was an already in-progress item when I was sorting out the DS requirements. If this has an external dependency that will take some time, we should move it out of DS to reflect what's absolutely necessary for that ship -- doing that now :)

Thanks for clarifying! I guess what confused me is that I understood the legal requirements as "you cannot deploy this code unless it has X" (X being the correct policy message, or confidential registration). But then I guess the actual requirement is "nobody can use this system unless it has X", meaning we can implement X later on, as long as nobody's able to use the extension until then.

Yup, makes sense, @vyuen! Thanks for bringing clarity to the conversation :)