Page MenuHomePhabricator
Create Task
Maniphest T380020

Enable SecurePoll extension on zhwiki
Closed, ResolvedPublic
Actions

Description

With T301180: Allow local wikis to set up elections and message from T&S[1], zhwiki community have preliminarily reached a consensus to introduce SecurePoll, this task is set to summarise unattended technical question, and for further deployment use if needed.

Rationale

After the WMF Office Actions happens in Sept 2021, the Chinese Wikipedia community is seeking for a safer sysop election method for the maximum protection for the safety of voters. In Nov 2021, community ran a trial vote T295518: Carry out the zhwp trial admin voting decision elections on votewiki to test the functionality and collect community consensus of the adaptation of SecurePoll in further sysop/other advanced permission holder election. It turns out that the community agree to use SecurePoll feature for further voting, and up to now, the community have hosted 8 successful elections (May 2022 T308397, Sept 2022 T318147, Oct 2023 T342774, May 2024 T361902, Oct 2024 T377014, Apr 2025 T389915 / Jun 2024 de-adminship T368610 / Oct 2024 arbcom T377171).

However, in the past, when running elections that used SecurePoll, the community has found some problems. As setting up the polls heavily relies on the T&S team, there can be a significant wait when they are busy, especially when holidays are involved; the community need to consider if their voting period overlap with other votes. Besides, as the Chinese Wikipedia community is accustomed to having a separate voting page for each candidate, it is technically very cumbersome to configure and update the list of eligible voters, which can place a significant burden on the T&S team.

Switching to local SecurePoll setup will have these issues solved nicely.

Consensus

Per [1][2], the community has reached the below consensuses:

  • Setup SecurePoll locally for further local elections
  • Create group electionclerk (选举助理) to create/edit local securepoll . This group can be granted/removed by sysop (securepoll-create-poll, securepoll-edit-poll)
  • Create group scrutineer (选举监察员) for vote verification (strike ineligible votes). This group can be granted by steward to local NDA-ed user each time a local securepoll happens (securepoll-view-voter-pii)
  • Enable securepoll log wgSecurePollUseLogging
  • Use MediaWiki namespace to store securepoll configurations (wgSecurePollUseMediaWikiNamespace)

[1]: https://zh.wikipedia.org/wiki/Wikipedia_talk:安全投票#在本地啟用安全投票及electionadmin权限
[2]: https://zh.wikipedia.org/w/index.php?oldid=88512274#方针/操作手册讨论

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add messages for electionclerk groupmediawiki/extensions/WikimediaMessagesmaster+7 -0
zhwiki: Allow local securepoll setupoperations/mediawiki-configmaster+13 -0
Add messages for scrutineer groupmediawiki/extensions/WikimediaMessagesmaster+6 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Hamishcn created this task.Nov 15 2024, 10:36 AM
Restricted Application added subscribers: Stang, Aklapper. · View Herald TranscriptNov 15 2024, 10:36 AM
Hamishcn added a parent task: T301180: Allow local wikis to set up elections.Nov 15 2024, 10:37 AM
Hamishcn moved this task from Backlog to Extensions/Skins on the Chinese-Sites board.Nov 15 2024, 10:39 AM
Stang awarded a token.Nov 15 2024, 12:15 PM
JJMC89 edited projects, added Wikimedia-Extension-setup; removed MediaWiki-extensions-SecurePoll.Nov 15 2024, 10:22 PM
JJMC89 edited projects, added Wikimedia-Site-requests; removed Wikimedia-Extension-setup.Nov 15 2024, 10:26 PM
JJMC89 removed a parent task: T301180: Allow local wikis to set up elections.Nov 15 2024, 10:42 PM
JJMC89 added a subtask: T301180: Allow local wikis to set up elections.
ZhaoFJx subscribed.Nov 16 2024, 7:18 PM

Community suggeted three proposals, just for reference:

  1. Separate the two permissions of "securepoll-create-poll" and "securepoll-view-voter-pii" and grant them to different usergroups.
  2. All extended confirmed users can access the vote count datas, but only electionadmin can access the CU datas.
  3. Grant securepoll-create-poll directly to sysops, and only grant the sensitive view-voter-pii to supervisors.

1 and 3 can be tracked at T377531.

Stang added a comment.Nov 20 2024, 3:07 AM

All extended confirmed users can access the vote count datas

There's few possibility to push this, several latest elections related to zhwiki all restrict voter information to scrutineer only

Grant securepoll-create-poll directly to sysops, and only grant the sensitive view-voter-pii to supervisors.

These two have been posted on village pump for more than one week without objection, so I think consensus can been seen as reached. Patch in T377531: Ability to edit polls should be unbundled from securepoll-view-voter-pii / electionadmin was merged, and we want to test if such unbundle works as expected.

MdsShakil subscribed.Nov 23 2024, 1:38 PM
SD0001 mentioned this in T381197: Create views for SecurePoll db tables on Wiki Replicas.Nov 30 2024, 1:19 PM
gerritbot added a comment.Dec 6 2024, 9:43 AM

Change #1100228 had a related patch set uploaded (by Stang; author: Stang):

[operations/mediawiki-config@master] zhwiki: Allow local securepoll setup

https://gerrit.wikimedia.org/r/1100228

gerritbot added a project: Patch-For-Review.Dec 6 2024, 9:43 AM
gerritbot added a comment.Dec 8 2024, 9:54 AM

Change #1101189 had a related patch set uploaded (by Gerrit Patch Uploader; author: SunAfterRain):

[mediawiki/extensions/WikimediaMessages@master] Add messages for scrutineer group

https://gerrit.wikimedia.org/r/1101189

gerritbot added a comment.Dec 8 2024, 3:04 PM

Change #1101189 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Add messages for scrutineer group

https://gerrit.wikimedia.org/r/1101189

SCP-2000 subscribed.Dec 8 2024, 3:09 PM
Stang changed the task status from Open to Stalled.Dec 8 2024, 3:18 PM

Waiting for T&S side approval, and waiting for the discussion of similar task for enwiki: T378287: Enable SecurePoll extension and electionclerk user group on enwiki

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.8; 2024-12-17).Dec 8 2024, 4:00 PM
jrbs subscribed.Dec 14 2024, 1:29 AM

I'm just confirming this with Security in case there's something I'm missing but I don't think we'd have a blocker for this.

gerritbot added a comment.Dec 14 2024, 2:55 AM

Change #1100228 had a related patch set uploaded (by Stang; author: Stang):

[operations/mediawiki-config@master] zhwiki: Allow local securepoll setup

https://gerrit.wikimedia.org/r/1100228

Stang added projects: Security, Security-Team.Dec 20 2024, 1:31 AM
In T380020#10404247, @jrbs wrote:

I'm just confirming this with Security in case there's something I'm missing but I don't think we'd have a blocker for this.

Tagging security-tram for attention. Is there any progress on this one?

jrbs added a comment.Dec 20 2024, 10:34 AM
In T380020#10417811, @Stang wrote:
In T380020#10404247, @jrbs wrote:

I'm just confirming this with Security in case there's something I'm missing but I don't think we'd have a blocker for this.

Tagging security-tram for attention. Is there any progress on this one?

I spoke (briefly) with them and there did not seem to be any objections to this. I would however be careful to only provide the PII right to those who have signed the NDA (i.e., what zhwiki already does) but otherwise I think it's fine.

Yahya subscribed.Dec 23 2024, 8:27 PM
0xDeadbeef changed the task status from Stalled to Open.Dec 28 2024, 5:19 AM
Yiming subscribed.Dec 28 2024, 5:42 AM
sbassett moved this task from Incoming to Watching on the Security-Team board.Jan 6 2025, 5:27 PM
sbassett added a project: SecTeam-Processed.
Stang added a subscriber: Urbanecm.Jan 14 2025, 2:50 AM

Hello @Urbanecm, would you mind have a look at this again? Thank you.

sbassett added subscribers: acooper, sbassett.Jan 14 2025, 4:02 PM

I don't believe the Security-Team has any issue with this in theory, unless @acooper has any specific concerns about various risks, etc.

Stang changed the task status from Open to Stalled.Jan 20 2025, 2:59 PM

FTR this task is currently blocked by T378287#10470310.

kostajh changed the status of subtask T301180: Allow local wikis to set up elections from Open to Stalled.Jan 30 2025, 7:49 AM
mszabo changed the status of subtask T301180: Allow local wikis to set up elections from Stalled to In Progress.Apr 18 2025, 3:06 PM
mszabo closed subtask T301180: Allow local wikis to set up elections as Resolved.Apr 23 2025, 8:45 AM
Stang changed the task status from Stalled to Open.Apr 24 2025, 2:21 AM

Blocker removed and I believe we can move forward

Stang renamed this task from Enable SecurePoll extension on zhwiki (tracking) to Enable SecurePoll extension on zhwiki.Apr 24 2025, 3:35 AM
Stang updated the task description. (Show Details)
jrbs mentioned this in T389915: zhwiki's admin election (Apr 2025).Apr 24 2025, 7:08 PM
Novem_Linguae subscribed.Apr 24 2025, 7:16 PM
Ericliu1912 subscribed.May 5 2025, 1:07 PM
1F616EMO subscribed.May 7 2025, 2:02 PM
gerritbot added a comment.Jul 23 2025, 1:27 AM

Change #1171756 had a related patch set uploaded (by Stang; author: Stang):

[mediawiki/extensions/WikimediaMessages@master] Add messages for electionclerk group

https://gerrit.wikimedia.org/r/1171756

Stang changed the task status from Open to In Progress.Jul 23 2025, 1:28 AM
Stang claimed this task.
Stang updated the task description. (Show Details)Jul 31 2025, 3:49 AM
Stashbot added a comment.Jul 31 2025, 1:15 PM

Mentioned in SAL (#wikimedia-operations) [2025-07-31T13:15:21Z] <Lucas_WMDE> created securepoll_log on zhwiki via sql.php (T380020)

gerritbot added a comment.Jul 31 2025, 1:20 PM

Change #1100228 merged by jenkins-bot:

[operations/mediawiki-config@master] zhwiki: Allow local securepoll setup

https://gerrit.wikimedia.org/r/1100228

Stashbot added a comment.Jul 31 2025, 1:21 PM

Mentioned in SAL (#wikimedia-operations) [2025-07-31T13:21:15Z] <lucaswerkmeister-wmde@deploy1003> Started scap sync-world: Backport for [[gerrit:1100228|zhwiki: Allow local securepoll setup (T380020)]]

Stashbot added a comment.Jul 31 2025, 1:23 PM

Mentioned in SAL (#wikimedia-operations) [2025-07-31T13:23:33Z] <lucaswerkmeister-wmde@deploy1003> stang, lucaswerkmeister-wmde: Backport for [[gerrit:1100228|zhwiki: Allow local securepoll setup (T380020)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.Jul 31 2025, 1:30 PM

Mentioned in SAL (#wikimedia-operations) [2025-07-31T13:30:39Z] <lucaswerkmeister-wmde@deploy1003> Finished scap sync-world: Backport for [[gerrit:1100228|zhwiki: Allow local securepoll setup (T380020)]] (duration: 09m 24s)

gerritbot added a comment.Jul 31 2025, 2:21 PM

Change #1171756 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Add messages for electionclerk group

https://gerrit.wikimedia.org/r/1171756

Stang closed this task as Resolved.Jul 31 2025, 2:47 PM
Stang moved this task from Extensions/Skins to Closed on the Chinese-Sites board.
Stang removed a project: Patch-For-Review.
ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.13; 2025-08-05).Jul 31 2025, 4:00 PM
ZhaoFJx awarded a token.Aug 4 2025, 2:53 AM
Novem_Linguae mentioned this in T403336: Requesting access to analytics-privatedata-users for Novem Linguae.Aug 31 2025, 2:27 AM
Stang unsubscribed.Oct 14 2025, 1:27 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits