Page MenuHomePhabricator

Enable Facebook login on Wikimedia wikis
Closed, DeclinedPublic

Description

Other sites have "Login with Facebook".
Wikipedia should too!

At least leave this open as a long term goal 'LATER'.


Pros

  • Facebook has over a billion registered users, including many/most current Wikimedians
  • No need for yet another username/password

Cons

  • Facebook is evil

Details

Reference
bz59631

Related Objects

StatusAssignedTask
DeclinedNone
OpenNone
Resolvedbrion
ResolvedNone
ResolvedNone
ResolvedParent5446
ResolvedNone
ResolvedWikinaut
OpenNone
ResolvedNone
ResolvedWikinaut
ResolvedWikinaut
OpenNone
OpenNone
ResolvedWikinaut
ResolvedWikinaut
ResolvedWikinaut
DeclinedWikinaut
DeclinedWikinaut
OpenNone
ResolvedWikinaut
InvalidWikinaut
InvalidWikinaut
ResolvedWikinaut
OpenNone
OpenNone
ResolvedTgr
ResolvedAnomie
ResolvedJoe
ResolvedJoe
Resolvedhashar
Resolvedbd808
ResolvedAnomie
ResolvedKrinkle
OpenNone
ResolvedJanZerebecki
ResolvedKrinkle
ResolvedTgr
ResolvedWikinaut
ResolvedWikinaut
ResolvedWikinaut
OpenNone
OpenNone
ResolvedWikinaut
OpenNone
OpenNone
OpenNone
OpenNone
OpenNone
OpenNone
ResolvedWikinaut

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Qgil renamed this task from Login with Facebook to Enable Facebook Login in Wikimedia servers.Mar 12 2015, 9:07 AM
Qgil updated the task description. (Show Details)
Qgil set Security to None.
Qgil added a subscriber: Qgil.Mar 12 2015, 9:10 AM

I don't see the Wikimedia movement enabling such huge endorsement to a private company, and I think we should simply decline this task.

Krenair closed this task as Declined.Mar 12 2015, 1:44 PM
Krenair claimed this task.

Agreed, this is declined.

MZMcBride reopened this task as Open.Jul 18 2015, 7:48 PM
MZMcBride added a subscriber: MZMcBride.

I don't see the Wikimedia movement enabling such huge endorsement to a private company, and I think we should simply decline this task.

Facebook and Google have hundreds of millions more users than Wikimedia wikis. How is Facebook or Google being private companies relevant here? If users want to be able to log in to Wikimedia wikis with Facebook or Google credentials, what's the problem with allowing that?

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 18 2015, 7:48 PM
Krenair removed Krenair as the assignee of this task.Jul 18 2015, 7:52 PM
Nemo_bis changed the task status from Open to Stalled.EditedJul 18 2015, 7:54 PM
Nemo_bis added a subscriber: Nemo_bis.

I think "declined" was a proper status: there is practically zero demand for this feature and that implementing it would require an enormous consensus, given we would encourage users to surrender their privacy etc. by chaining themselves to said external services.

It's fine to keep the report open so that the matter can be discussed, but consensus must be found on-wiki. Do you want to open an RfC?

Petrb added a comment.Jul 18 2015, 9:44 PM

I would like to see this feature enabled. Not only for facebook or google but for any reliable oauth provider. This effectively makes the demand greater than zero, even if it might be still small :P

Petrb added a comment.Jul 18 2015, 9:45 PM

This doesn't surrender anyone's privacy. Existing users would be in now way forced to use the google or facebook, BTW I believe that both facebook and google probably cares about privacy far more than wikimedia :P

Petrb changed the task status from Stalled to Open.Jul 18 2015, 9:46 PM

How is this stalled we are actively discussing it right now

brion closed this task as Declined.Jul 18 2015, 9:47 PM
brion claimed this task.
brion added a subscriber: brion.

This will not be done.

I think "declined" was a proper status: there is practically zero demand for this feature and that implementing it would require an enormous consensus, given we would encourage users to surrender their privacy etc. by chaining themselves to said external services.

It looks like any discussion about implementing this functionality gets summarily closed. Saying that there's "zero demand" is extremely dubious in such a hostile environment.

It's fine to keep the report open so that the matter can be discussed, but consensus must be found on-wiki.

Consensus for what, exactly? You want the millions of Facebook and Google users to agree to use Facebook and Google? How are you impacted as a user if someone else can log in via Facebook or Google?

This will not be done.

Why not?

This will not be done.

Why not?

Because Brion is overlord of wikimedia and he doesn't like big and rich companies :P

Now on more serious note: I myself believe that having this option would bring significant amount of contributors to wikipedia and lowered amount of IP editors incredibly, probably about 90% of them have facebook. That on other hand isn't precisely what developers want. It also involves lot of programming, that's also what they don't want to do :) and having some solid IP's might be better to some (admins mostly) than just facebook names.

MZMcBride reopened this task as Open.Jul 19 2015, 5:59 AM

I'm re-opening this task for further consideration. In my opinion, the current hand-wavy "people would object" and "we can't possibly" arguments presented in this task don't hold enough weight to stand on their own.

I have a Facebook account. Brion, Nemo, Quim, Petr, Krenair, and Reedy all have Facebook accounts as well. So, very respectfully, I'm calling bullshit on the idea that you can't be both a Wikimedian and a Facebook user.

(The same is true for Google. Many Wikimedians have Gmail accounts. The Wikimedia Foundation itself switched to Google Apps several years ago, meaning that every wikimedia.org e-mail address is also a Google account, as I understand it.)

There may be good reasons to not support Facebook logins. For example, it's still not clear to me whether Facebook supports OpenID or whether Wikimedia is interested in using OpenID. However, if we decline this task, we should do so only alongside a clear and specific articulation of why this request has failed.

Given the incredibly widespread use and adoption of platforms such as Facebook and Google, at least considering allowing users to log in with them seems completely reasonable. As Petr points out, this could mitigate the need to use IP addresses. Of course the current user authentication system is hairy (CentralAuth blehhh) and it may be better to prioritize other authentication features (such as login via e-mail address and case-insensitive login), but that doesn't mean that we can't simultaneously consider this request.

MZMcBride renamed this task from Enable Facebook Login in Wikimedia servers to Enable Facebook login on Wikimedia wikis.Jul 19 2015, 6:01 AM

I would not like the idea of using facebook to authenticate privileged users. That gives a lot of power to facebook that they could in theory abuse.

Nemo_bis added a comment.EditedJul 19 2015, 8:40 AM

I have a Facebook account. Brion, Nemo, Quim, Petr, Krenair, and Reedy all have Facebook accounts as well.

Hey, that's outing and libel! I don't really have a Facebook account, I was forced to create one and I don't even remember the password.

That gives a lot of power to facebook that they could in theory abuse.

And it's not just theory. Look at how Google regularly abuses people authenticating to it in order to impose their favorite technologies.

Nemo_bis changed the task status from Open to Stalled.Jul 19 2015, 8:44 AM
MZMcBride removed brion as the assignee of this task.Jul 19 2015, 3:26 PM
He7d3r added a subscriber: He7d3r.Jul 19 2015, 3:29 PM
Petrb added a comment.Jul 20 2015, 8:04 AM

I would not like the idea of using facebook to authenticate privileged users. That gives a lot of power to facebook that they could in theory abuse.

Oh come on... Why in the world would company like facebook ever needed to abuse some wikipedia account? I would be less surprised if someone from within foundation or some privileged volunteer abused it, rather than facebook or google.

I would not like the idea of using facebook to authenticate privileged users. That gives a lot of power to facebook that they could in theory abuse.

Oh come on... Why in the world would company like facebook ever needed to abuse some wikipedia account? I would be less surprised if someone from within foundation or some privileged volunteer abused it, rather than facebook or google.

Facebook is in the bussiness of building personalized profiles on users in order to create a personalized site experiance and better target advertisements. Abusing their login service to better do this could make financial sense for them. This is of course counter balanced by the negative press they would get if they got caught doing so (and for major abuse, like taking over a check user account, possibly also illegal).

Ultimately this would increase the surface of people we have to trust, and its really unclear how much facebook should be trusted. On the other hand maybe the benefits do outweigh the risks. Im personally somewhat doubtful of the benefits, but maybe the average user would really like it. And ill freely admit, facebook taking over someone's account is a bit tin foil hat, (although facebook collecting ips/login times to connect wikipedia pseudonyms to real names is much less tin foil hat imo. But arguably if the service is optional users are conscenting to that (albeit, debatable if its informed consent))

Does facebook even have an official policy stating they wont abuse the login feature? The clisest i could find was

We collect information when you visit or use third-party websites and apps that use our Services (like when they offer our Like button or Facebook Log In or use our measurement and advertising services). This includes information about the websites and apps you visit, your use of our Services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us.

l

On the other hand maybe the benefits do outweigh the risks.

Impossible. Allowing login via Facebook (or Google) means giving up any promise that we'll always use free software: if at some point Facebook decides that to use their credentials you have to adopt some proprietary software, and credentials of millions users are locked there, we'll be forced to surrender. On the other hand, if we don't care about those users and we'd just abandon them in such an occasion, why bother.

Petrb added a comment.Jul 20 2015, 2:06 PM

I would not like the idea of using facebook to authenticate privileged users. That gives a lot of power to facebook that they could in theory abuse.

Oh come on... Why in the world would company like facebook ever needed to abuse some wikipedia account? I would be less surprised if someone from within foundation or some privileged volunteer abused it, rather than facebook or google.

Facebook is in the bussiness of building personalized profiles on users in order to create a personalized site experiance and better target advertisements. Abusing their login service to better do this could make financial sense for them. This is of course counter balanced by the negative press they would get if they got caught doing so (and for major abuse, like taking over a check user account, possibly also illegal).
Ultimately this would increase the surface of people we have to trust, and its really unclear how much facebook should be trusted. On the other hand maybe the benefits do outweigh the risks. Im personally somewhat doubtful of the benefits, but maybe the average user would really like it. And ill freely admit, facebook taking over someone's account is a bit tin foil hat, (although facebook collecting ips/login times to connect wikipedia pseudonyms to real names is much less tin foil hat imo. But arguably if the service is optional users are conscenting to that (albeit, debatable if its informed consent))
Does facebook even have an official policy stating they wont abuse the login feature? The clisest i could find was

We collect information when you visit or use third-party websites and apps that use our Services (like when they offer our Like button or Facebook Log In or use our measurement and advertising services). This includes information about the websites and apps you visit, your use of our Services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us.

l

This is complete nonsense, I don't believe facebook management ever did officially permitted anyone to abuse login system. People are frequently giving it their private password for email servers just so that it can scan their address books. There was no evidence they ever abused that either and this is login info that actually has some value. By logging in to wikipedia you don't really get any valuable information that you can't see when logged off (except for checkuser data, which IMHO are completely priceless, IP's affiliated with wikipedia usernames... facebook has billions of IP's that are affiliated with real names already). In fact facebook collects and keeps data far more valuable than wikimedia servers, I doubt they could gain anything they already don't have. It's a large company, far bigger than WMF, likely with much more strict policies and rules. I just can't imagine their technicians doing anything like this. But I agree that having facebook login to wikipedia would be a nice ground for bunch of conspiracy theories :P

Petrb added a comment.Jul 20 2015, 2:09 PM

On the other hand maybe the benefits do outweigh the risks.

Impossible. Allowing login via Facebook (or Google) means giving up any promise that we'll always use free software: if at some point Facebook decides that to use their credentials you have to adopt some proprietary software, and credentials of millions users are locked there, we'll be forced to surrender. On the other hand, if we don't care about those users and we'd just abandon them in such an occasion, why bother.

What? Using facebook as login provider means using proprietary software just as much as running WMF servers on motherboards with proprietary BIOS. If facebook decides you have to use some proprietary software to access their login system, we can just always drop it from login form.

Petrb added a comment.Jul 20 2015, 2:15 PM

It's interesting that this idea to enable facebook login was considered "funny", while the arguments why we shouldn't do that sound like paranoid conspiracy theories, that I am not sure if should make you laugh or cry. I am no big fan of the idea of having that facebook login thing, but I must say there was pretty much no decent argument why is that a bad idea so far.

Unless you consider "never gonna happen", "facebook gonna steal our logins and sell it to CIA", "we would have to surrender to facebook", "innocent kittens will die if we make it" or "Vlad Putin is gonna start 3rd WW if we do this" as serious opinions on this matter.

Petrb added a comment.Jul 20 2015, 2:25 PM

BTW I talked to some folks in my office, some of them use wikipedia occasionally and they all liked the idea. Pretty much everyone hate websites that require you to register with username and password. Having external login providers would make this extremely more simple, because as @MZMcBride said, nearly everyone has facebook with few exceptions. So why bother people with yet another login?

There should be some wider research done on this topic, WMF already employs many researchers so why not task few of them to figure out if this idea is supported by general public, especially people who do use wikipedia but are reluctant to register (anonymous editors).

So your argument is, we should trust facebook because they are a big company and big companies don't do evil things because they are big?

I think you misrepresent nemo's argument. A key point was that if users depend on facebook login, we cant simply turn it off because those users wont be able to login without it as they are using that to authenticate

Petrb added a comment.Jul 20 2015, 2:42 PM

Then these accounts can be converted to SUL accounts if needed.

Then these accounts can be converted to SUL accounts if needed.

And how do peple log in. Either such users have an alternate means of authenticating themselves, in which case what's the point in the first place, or there is no way to access the converted accounts.

BTW I talked to some folks in my office, some of them use wikipedia occasionally and they all liked the idea. Pretty much everyone hate websites that require you to register with username and password. Having external login providers would make this extremely more simple, because as MZMcBride said, nearly everyone has facebook with few exceptions. So why bother people with yet another login?

Ancedotally, that is interesting. Although i wonder why such users would want to login in the first place instead of being an anon.

Petrb added a comment.Jul 20 2015, 4:57 PM

Because being logged in is better than being anon?

You don't disclose your IP address and you get your edits attributed to your account, people know who you are and can talk to you on your own talk page?

It's just that people hate to invent silly password and shit around that.

Qgil added a comment.Jul 27 2015, 4:25 PM

If Facebook, Google, etc, offer third-party login it's because it helps their business. How exactly I don't know (I searched, URLs welcome). A very small group of big corps are fighting for this marketshare, so I guess there are good business reasons behind that.

If Wikimedia offers these third-party logins, we will endorse these companies and we will contribute to their business. I'd rather keep our distance and neutrality.

Nemo_bis added a comment.EditedJul 28 2015, 8:59 AM

Because being logged in is better than being anon?

Not necessarily.

You don't disclose your IP address and you get your edits attributed to your account

I have yet to see scientific research demonstrating a large-scale harm of IP addresses exposure (if you find one, please please add to https://www.mediawiki.org/wiki/Requests_for_comment/Exposure_of_user_IP_addresses , I'm very interested); on the other hand, we know for sure that Facebook uses all sorts of private data for all sorts of evil things and they'd certainly welcome being sent precious profiling information on wiki interests of their users without even having to look for it.

I'd avoid the privacy arguments in this discussion, let's stick to the technical arguments which we have solid information about, like T61631#1465053. Is there an external authentication system/platform which guarantees perpetual respect of our commitment to free software?

hashar closed this task as Declined.Feb 23 2016, 12:01 PM
hashar added a subscriber: hashar.

As for the reasoning there are a few, pointing people to their Facebook/Google accounts means eventually that will leak the information people are using Wikipedia and maybe even leak the actions they are doing on the site. I dont think it is a good privacy wise.

Adding support for different third parties authentication systems would lead to a few interesting problems:

  • why limit to Google / Facebook? Where do you draw a line
  • what happens when a third party disappear or is broken/unavailable
  • who is going to handle and maintained the related MediaWiki code

I am declining this task again and please stop reopening it. If you really want to bring up the topic on table again please do so on mailing lists such as wikimedia-l or wikitech-l. If this task get reopen I will just ask for technical means to enforce it being closed.

Thank you

Peachey88 reopened this task as Open.EditedFeb 23 2016, 12:12 PM

As for the reasoning there are a few, pointing people to their Facebook/Google accounts means eventually that will leak the information people are using Wikipedia and maybe even leak the actions they are doing on the site. I dont think it is a good privacy wise.

That would be there choice to do that

Adding support for different third parties authentication systems would lead to a few interesting problems:

  • why limit to Google / Facebook? Where do you draw a line
  • what happens when a third party disappear or is broken/unavailable

Then they are gone or unavailable.

  • who is going to handle and maintained the related MediaWiki code

The same as every other code, Assuming we would focus on OAuth related projects.

I am declining this task again and please stop reopening it. If you really want to bring up the topic on table again please do so on mailing lists such as wikimedia-l or wikitech-l.

It has been opened since Jul 2015 (~7 months) and only declined twice previous to yours just then.

If this task get reopen I will just ask for technical means to enforce it being closed.

Don't be a dick much?

Please keep Phabricator a respectful place and stick to the Etiquette.

@Peachey88: Could you bring up this topic on mailing lists for broader input, as proposed by Hashar?

hashar closed this task as Declined.Feb 23 2016, 10:35 PM

@Peachey88

Don't be a dick much?

Yeah that looks like a great argument. Here is mine:

The MediaWiki Kabal SAYS NO

Does that look like a stronger argument?

I am really just teasing you @Peachey88. Please keep this task closed. As I instructed, bring the subject to a mailing list for further discussion which is a much better way to argue for/against a feature proposal

MZMcBride reopened this task as Open.Sep 8 2016, 2:33 AM

As for the reasoning there are a few, pointing people to their Facebook/Google accounts means eventually that will leak the information people are using Wikipedia and maybe even leak the actions they are doing on the site. I dont think it is a good privacy wise.

This argument is incoherent to me. MediaWiki wikis already "leak the actions" that a user is doing on a site. That's the whole point of having public logs and revision histories. If a user wants to give his or her information to Facebook or Google and then re-use that login, how is that a privacy concern? When you say "leak the information people are using Wikipedia", what does that mean specifically and why would it matter here?

Adding support for different third parties authentication systems would lead to a few interesting problems:

  • why limit to Google / Facebook? Where do you draw a line

Over a billion users?

  • what happens when a third party disappear or is broken/unavailable

It depends on what type of authentication system we set up.

  • who is going to handle and maintained the related MediaWiki code

How is this an interesting problem? Maintenance cost is attached to every line of code and feature ever.

I am declining this task again and please stop reopening it. If you really want to bring up the topic on table again please do so on mailing lists such as wikimedia-l or wikitech-l. If this task get reopen I will just ask for technical means to enforce it being closed.

If you want to start a discussion on a mailing list, feel free. If you don't want to be subscribed to this task, you can unsubscribe yourself.

Before touching the status of this task again, you should read and respond to the many valid points raised here. Your replies at T61631#2057649 and T61631#2054992 do not do that.

wctaiwan removed a subscriber: wctaiwan.Sep 8 2016, 2:59 AM
hashar closed this task as Declined.Sep 8 2016, 8:18 AM

@MZMcBride please keep this task closed. If you really want to bring it up again please raise the subject on the mailling lists such as wikimedia-l or wikitech-l.

@MZMcBride please keep this task closed. If you really want to bring it up again please raise the subject on the mailling lists such as wikimedia-l or wikitech-l.

Can you explain how Phabricator is an inappropriate forum? We regularly use Phabricator to draft requests for comment and to discuss feature requests and bug reports. Why are you insisting on closing this task?

MZMcBride reopened this task as Open.Sep 8 2016, 4:11 PM

I would not like the idea of using facebook to authenticate privileged users. That gives a lot of power to facebook that they could in theory abuse.

Facebook allegedly has over a billion users. It collects and stores an enormous amount of personal and private information about its users. Are you seriously suggesting that theoretical access to Wikipedia accounts would give Facebook "a lot of power"? This argument is insane.

My guess is that we if implement T30085: RFC: Allow user login with email address in addition to username, this bug will become mostly moot. We'll end up with users authenticating using the same e-mail address and password on Wikipedia that they use on Facebook and with Gmail.

There are 20 people subscribed to this task. Given the topic feels RfC'ish and welcomes more input, wikitech-l@ sounds like an appropriate venue (with way more subscribed people) to bring this up.

By RfC I assume you mean https://meta.wikimedia.org/wiki/RfC ? This is not a technical issue, but a "political" one.

By RfC I assume you mean https://meta.wikimedia.org/wiki/RfC ? This is not a technical issue, but a "political" one.

Nah, I meant https://www.mediawiki.org/wiki/Requests_for_comment or TechCom-RFC. Here's an example task that's being used as a drafting space for an RFC (instead of using the wiki): T119043.

There are 20 people subscribed to this task. Given the topic feels RfC'ish and welcomes more input, wikitech-l@ sounds like an appropriate venue (with way more subscribed people) to bring this up.

Sure, you or hashar or anyone else are free to start a discussion on a mailing list if you think that would be helpful/beneficial.

hashar closed this task as Declined.Sep 8 2016, 7:10 PM

Stop it and bring it to the wiki lists please. Thank you.

I respectfully note that allowing using my_email_address@example.com
to login too (which although makes perfect sense) does not bring us
anywhere closer to allowing the user to click on his friendly
familiar "f" logo, which is what I want. P.S., I don't subscribe to
those mailing lists.

Bawolff added a comment.EditedSep 9 2016, 5:03 AM

Lets take a step back here.

There are 3 ways of interpreting this bug:

  • Request to enable facebook login on WMF wikis
    • That is super politically contentious within our community. As a bare minimum you would need an RFC at meta to demonstrate community will to do this (or other community venues). If that's what people think this bug is about, then it should be declined as "lacks consensus". Phabricator isn't the place to come to agreement about controversial issues in our community. Its the place to request stuff once agreement has been reached in other channels.
  • Request to add facebook login into MediaWiki core
    • This is an inappropriate feature for MediaWiki core, as MW is used in many contexts, and not everyone would want this. For that I would decline this bug as me simply saying no, it should be an extension instead.
  • Request to develop an extension to do this

[ I don't think this bug should remain open at lowest priority. Lowest priority implies it would be possible to make a patch that would be accepted, just that nobody cares enough to do it. I don't think that describes this bug]

Sure, you or hashar or anyone else are free to start a discussion on a mailing list if you think that would be helpful/beneficial.

@MZMcBride: You seem to be interested in keeping this task opened. So you are in a way better position to faciliate discussion and provide your arguments to a broader audience. The ball is in your court.

MZMcBride reopened this task as Open.Sep 9 2016, 1:49 PM

There are 3 ways of interpreting this bug:

  • Request to enable facebook login on WMF wikis
    • That is super politically contentious within our community. As a bare minimum you would need an RFC at meta to demonstrate community will to do this (or other community venues). If that's what people think this bug is about, then it should be declined as "lacks consensus". Phabricator isn't the place to come to agreement about controversial issues in our community. Its the place to request stuff once agreement has been reached in other channels.

Phabricator Maniphest is a fine place to discuss the technical implementation and any potential blockers/impediments. As I said previously, there may be valid reasons to decline this task, but so far the reasoning has been almost exclusively "I don't like/trust Facebook" and that seems wrong to me.

More recently the argument has gotten even more bizarre and people like @hashar won't even discuss the merits of this task. Instead, he just keeps shouting "wrong venue!" and trying to stifle discussion here. That's pretty shady behavior.

If nothing else, it would be nice to expand the task description with a list of pros and cons regarding this proposal for future readers.

Regarding this proposal being contentious, what evidence do you have to support this claim? You have a Facebook account. I have a Facebook account. Andre has a Facebook account. Thousands of Wikipedia users have Facebook accounts (cf. https://en.wikipedia.org/w/index.php?title=Special:Search&profile=advanced&profile=advanced&fulltext=Search&search="facebook+profile"&ns2=1).

MZMcBride updated the task description. (Show Details)Sep 9 2016, 1:51 PM

Sure, you or hashar or anyone else are free to start a discussion on a mailing list if you think that would be helpful/beneficial.

@MZMcBride: You seem to be interested in keeping this task opened. So you are in a way better position to faciliate discussion and provide your arguments to a broader audience. The ball is in your court.

You know if you post on a local wiki village pump, you get told to file a task in Phabricator Maniphest. If you post to a mailing list, you get told to file a task in Phabricator Maniphest. If you file a task in Phabricator Maniphest, you get told to post to a mailing list? Stop giving people the run-around, it's very rude.

Phabricator Maniphest has a subscription feature for anyone interested in following this task to receive e-mail updates. If you think broader discussion is warranted/needed, you can post about this idea wherever you'd like. It is absolutely not my responsibility to adhere to your arbitrary demands for wider participation.

[offtopic]

You know if you post on a local wiki village pump, you get told to file a task in Phabricator Maniphest. If you post to a mailing list, you get told to file a task in Phabricator Maniphest. If you file a task in Phabricator Maniphest, you get told to post to a mailing list? Stop giving people the run-around, it's very rude.

Indeed, if you post on a mailing list or a local village pump and have a specific, well-defined, non-controversial issue, you hopefully get told to file a task in Maniphest. If there are more complex (technical or social) aspects to sort out first, a Maniphest task might welcome a related mailing list discussion or even an RfC. I'm sure you're well aware of this and understand which venues provide which purposes.

MZMcBride closed this task as Declined.Sep 9 2016, 7:03 PM

I'm marking this as declined because it isn't worth warring over. The arguments against doing this continue to be ridiculously weak and are largely driven by attempts to harmfully and needlessly spread fear, uncertainty, and doubt.

Indeed, if you post on a mailing list or a local village pump and have a specific, well-defined, non-controversial issue, you hopefully get told to file a task in Maniphest. If there are more complex (technical or social) aspects to sort out first, a Maniphest task might welcome a related mailing list discussion or even an RfC. I'm sure you're well aware of this and understand which venues provide which purposes.

The idea that Maniphest is not used—and should not be used—to capture complex technical tasks, even those that include social components, is demonstrably false.

I think there were two issues that were conflated into one in this task: 1) Should Wikimedia support using any external services for authentication (e.g. OpenID, OAuth, Persona), and 2) Should we support Facebook as one of those mechanisms, possibly via an open standard.

Some people here are against #1, and others are only against #2. In any case, I agree that there was way too much FUD in this discussion. Facebook isn't going to compromise checkuser accounts, we (now) have a robust authentication system that allows lowering user's permissions depending what authentication method they use (OAuth, BotPasswords), we'd obviously apply the same treatment to external providers.