This seems a little stuck, so I went ahead and boldly added some acceptance criteria.

I think this is better as a permission than a configuration variable - it's not inconceivable that on some third-party wiki farm the same wiki would be used for both global and local votes with different rules.

Wouldn't this create technical debt by creating extra user permissions that no one in any Wikifarm currently uses, and no one in the Wikimedia wikifarm needs?

Perhaps a good compromise would be to default $wgSecurePollAllowGlobalElectionCreation to true. This would be fully backwards compatible, and we can turn it off in our own wikifarm's config really easily.

However I think there's an argument to default it to false too. I kind of doubt that other wikifarms use the global elections feature.

No, votewiki would use it.

My idea was to have a securepoll-create-global permission be the only control. That's no more tech debt than the corresponding config variable.

I think that would add a third acceptance criteria of having to change some Special:UserGroupRights on votewiki. Not a deal breaker, but an extra step.

Anyone from Trust & Safety Product want to weigh in? Let's get the acceptance criteria hammered out, then I'll write some patches.

In T384302#10710629, @Novem_Linguae wrote:

I think that would add a third acceptance criteria of having to change some Special:UserGroupRights on votewiki. Not a deal breaker, but an extra step.

Anyone from Trust & Safety Product want to weigh in? Let's get the acceptance criteria hammered out, then I'll write some patches.

Note after T335002: Move SecurePoll election setup from votewiki to metawiki global elections will be moved to metawiki and votewiki may probably no longer exist.

Hi. Trust and Safety Product Team engineer speaking here.

The current acceptance criteria of using site configuration looks good to the engineers. We can't really see a use-case for WMF wikis of having different tiers of access for the same wiki (i.e. the idea of the securepoll-create-global group), so not sure that the additional translation burden of a new user right is worth choosing that method instead. If T335002: Move SecurePoll election setup from votewiki to metawiki gets worked on, the metawiki config would presumably be set to true.

Thanks for adding acceptance criteria!

In T384302#10712056, @Bugreporter wrote:

Note after T335002: Move SecurePoll election setup from votewiki to metawiki global elections will be moved to metawiki and votewiki may probably no longer exist.

Should be OK to assume that things are staying on votewiki for the purposes of this ticket.

In T384302#10712610, @Dreamy_Jazz wrote:

The current acceptance criteria of using site configuration looks good to the engineers.

Sounds good. Will proceed as planned then.

Notes for myself

To properly test this, I'll probably need to set up a wikifarm in localhost. I did some googling just now and this method looks the most promising since I'm already using MediaWiki Docker: https://www.mediawiki.org/wiki/MediaWiki-Docker/Configuration_recipes/Wiki_farm . Will work on getting this working.

I will also need to wrap my head around "redirect elections" (jump-urls). If we have a wikifarm with 1000 wikis, and we create a SecurePoll election on one, do the other 999 automatically get jump URLs? Hypothesis: Yes. Will test this once I have a wikifarm working in localhost.

Are jump URLs something that we need to turn off with the new $wgSecurePollAllowGlobalElectionCreation variable? Unsure. Jump URLs don't really hurt anything. But they do fill up the Special:SecurePoll page with a lot of noise.

To investigate: for jump URLs, is there a designated "main wiki" somewhere (such as votewiki), and jump URLs are only created from non-votewiki to votewiki? Or is it bidirectional?

The main thing that $wgSecurePollAllowGlobalElectionCreation should probably turn off is this dropdown list in Special:SecurePoll/create that only shows up when a wikifarm is detected:

Will need to make sure it turns off both the printing of this dropdown list, and the form validation for it.

To be continued...

I spent a couple hours on this. I got a wiki farm running on my localhost Docker and was able to test things and wrap my head around how the "For wiki:" drop-down list works.

I have documented what I found at https://www.mediawiki.org/wiki/Extension:SecurePoll#Redirect_polls

If we have a wikifarm with 1000 wikis, and we create a SecurePoll election on one, do the other 999 automatically get jump URLs?

Only if you pick "All wikis" in the drop-down list. So only for truly global elections, such as a Board of Trustees election. If T&S were to create a Chinese Wikipedia Admin Election on VoteWiki, and choose "Chinese Wikipedia", English Wikipedia would not get a redirect poll. Which is good, because that would be spammy.

This should also mean that someone creating lots of local elections wouldn't spam redirect polls on the other 1000 wikis. Also good.

I now feel very confident that this ticket can be resolved simply by writing a patch that checks a config variable and turns off the drop-down list. I think that should be enough to prevent local wikis from creating global elections or from creating redirect polls on other wikis. Will write the patches shortly.

Change #1134659 had a related patch set uploaded (by Novem Linguae; author: Novem Linguae):

[mediawiki/extensions/SecurePoll@master] add $wgSecurePollEditOtherWikis

https://gerrit.wikimedia.org/r/1134659

Change #1134660 had a related patch set uploaded (by Novem Linguae; author: Novem Linguae):

[operations/mediawiki-config@master] InitializeSettings: add wgSecurePollEditOtherWikis

https://gerrit.wikimedia.org/r/1134660

Change #1134660 merged by jenkins-bot:

[operations/mediawiki-config@master] InitializeSettings: add wgSecurePollEditOtherWikis

https://gerrit.wikimedia.org/r/1134660

Mentioned in SAL (#wikimedia-operations) [2025-04-10T18:32:26Z] <jforrester@deploy1003> Started scap sync-world: Backport for [[gerrit:1135807|WikifunctionsClientUsageUpdateJob: Also init targetPageNamespace]], [[gerrit:1135808|Special pages: Don't list or let execute repo-only ones on client wikis (T391594)]], [[gerrit:1134660|InitializeSettings: add wgSecurePollEditOtherWikis (T384302)]]

Mentioned in SAL (#wikimedia-operations) [2025-04-10T18:37:17Z] <jforrester@deploy1003> novemlinguae, jforrester: Backport for [[gerrit:1135807|WikifunctionsClientUsageUpdateJob: Also init targetPageNamespace]], [[gerrit:1135808|Special pages: Don't list or let execute repo-only ones on client wikis (T391594)]], [[gerrit:1134660|InitializeSettings: add wgSecurePollEditOtherWikis (T384302)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2025-04-10T18:45:09Z] <jforrester@deploy1003> Finished scap sync-world: Backport for [[gerrit:1135807|WikifunctionsClientUsageUpdateJob: Also init targetPageNamespace]], [[gerrit:1135808|Special pages: Don't list or let execute repo-only ones on client wikis (T391594)]], [[gerrit:1134660|InitializeSettings: add wgSecurePollEditOtherWikis (T384302)]] (duration: 12m 42s)

Change #1134659 merged by jenkins-bot:

[mediawiki/extensions/SecurePoll@master] add $wgSecurePollEditOtherWikis

https://gerrit.wikimedia.org/r/1134659

Change #1137441 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[mediawiki/extensions/SecurePoll@master] Add integration tests for poll creation

https://gerrit.wikimedia.org/r/1137441

Change #1137441 merged by jenkins-bot:

[mediawiki/extensions/SecurePoll@master] Add integration tests for poll creation

https://gerrit.wikimedia.org/r/1137441