
Server side flickr review
Open, Low, Public

Description

Verification of files should be on server side and not client side (client side Flickr review can be faked).

(Blocker: This is needed to enable Flickr Upload for all users)

Event Timeline

Steinsplitter raised the priority of this task from to Medium.
Steinsplitter updated the task description.
Steinsplitter added a project: UploadWizard.
Restricted Application added a subscriber: Aklapper.

(Blocker: This is needed to enable Flickr Upload for all users)

Why? UploadWizard does not do anything a user could not do manually. I can upload a hundred Flickr images manually right now, and probably forget to add the flickrreview template to them or do it wrong, and then a volunteer has to clean up after me. UploadWizard does the same thing, except it adds the right templates - why would that require more scrutiny?

Generally, the client side is better for logic that is closely connected with user workflow, because the client side is easier to customize. Other wikis might have different verification requirements, different workflows, different templates, even different image sharing sites for which they want similar support. With a modular, extensible JS code and bot-based verification, they can provide that for themselves; after pushing everything to the server-side, they would effectively be blocked.

I still believe this is not the best way to go. Or rather, checking the license should happen on server side, but not necessarily on the MediaWiki servers - that will in effect exclude smaller communities from adding support for their own image sharing sites of choice, as adding a significant amount of code to a WMF-deployed extension is a huge barrier, especially if the functionality is not easily understandable to developers outside that community (imagine doing code review for the logic that verifies 163.com licenses). I proposed a "federated" approach in T55046#1310718.

MarkTraceur lowered the priority of this task from Medium to Low. Dec 22 2015, 4:06 PM
MarkTraceur subscribed.
In T89131#1039912, @Tgr wrote:

(Blocker: This is needed to enable Flickr Upload for all users)

Why? UploadWizard does not do anything a user could not do manually. I can upload a hundred Flickr images manually right now, and probably forget to add the flickrreview template to them or do it wrong, and then a volunteer has to clean up after me. UploadWizard does the same thing, except it adds the right templates - why would that require more scrutiny?

Generally, the client side is better for logic that is closely connected with user workflow, because the client side is easier to customize. Other wikis might have different verification requirements, different workflows, different templates, even different image sharing sites for which they want similar support. With a modular, extensible JS code and bot-based verification, they can provide that for themselves; after pushing everything to the server-side, they would effectively be blocked.

Since it is causing issues (e.g. here) we should probably replace "{{FlickrVerifiedByUploadWizard.*}}" with "{{flickrreview}}" in the code. OR we simply add {{flickrreview}} for an additional check (then we can remove the FlickrVerifiedByUploadWizard from AbuseFilter). I actually have no idea for an onwiki-only solution here. But both changes are trivial.

@Steinsplitter - I fixed the AbuseFilter filter. You forgot to exempt the extended-uploader user group when you added the {{FlickrVerifiedByUploadWizard.*}} template. To be added to the extended-uploader user group, you have to be vetted for knowledge of the licensing policies, and be trusted to import files from Flickr that aren't Flickrwashed, so those users are trusted and should be exempted from the AbuseFilter.

@kaldari @Steinsplitter

@Slowking4 is not actually in the extended uploaders group. I suspect he has the "Share images from Flickr" button because he is in the "GWToolset users" group.

@Tgr on T100062 "Granted, the Commons community might well decide to not widen access to the tool even if that happens, as they tend to be concerned with making uploading too easy."

I am quite confident the Commons community will be happy to enable it with a ratelimit for autopatrolled users. Commons has 5,955 autopatrolled users but only 67 extended uploaders. And 57 gwtoolset users. And 256 license reviewers. And 225 admins. And many, many, many users who aren't in any of those groups. I can't say if the community will be happy to enable it for everyone without limits.

@Steinsplitter - I fixed the AbuseFilter filter. You forgot to exempt the extended-uploader user group when you added the {{FlickrVerifiedByUploadWizard.*}} template. To be added to the extended-uploader user group, you have to be vetted for knowledge of the licensing policies, and be trusted to import files from Flickr that aren't Flickrwashed, so those users are trusted and should be exempted from the AbuseFilter.

Thanks @kaldari for looking into this :-). I did not forget that; after your change extended-uploaders can review images, which is not allowed by policy. The policy requires a short poll, then the right (license review) will be granted to the user. Additionally, the review is client side and therefore not legally secure. The policy also disallows reviewing own files. http://commons.wikimedia.org/wiki/COM:LR

I think we should change the bot review as for now, we had a JS hack for that which stopped working (I have no time at the moment to investigate that): https://commons.wikimedia.org/wiki/MediaWiki:Group-extended-uploader.js :)

@kaldari @Steinsplitter

@Slowking4 is not actually in the extended uploaders group. I suspect he has the "Share images from Flickr" button because he is in the "GWToolset users" group.

The GWT invokes the hack from MediaWiki:Group-extended-uploader.js (which no longer works).

@Tgr on T100062 "Granted, the Commons community might well decide to not widen access to the tool even if that happens, as they tend to be concerned with making uploading too easy."

I am quite confident the Commons community will be happy to enable it with a ratelimit for autopatrolled users. Commons has 5,955 autopatrolled users but only 67 extended uploaders. And 57 gwtoolset users. And 256 license reviewers. And 225 admins. And many, many, many users who aren't in any of those groups. I can't say if the community will be happy to enable it for everyone without limits.

I think so as well, there is also onwiki consensus (as far as I remember) for that (somewhere in the VP/Proposals archive), the only *blocker* was the client side license review which is not secure.

@Steinsplitter - Ah, I see. While extended-reviewers can technically review image licenses now, I think they can be trusted not to violate the review policy (or hack UploadWizard to do a false review). We don't have to enforce every policy with an AbuseFilter, especially for trusted users, in my opinion. I'm open to hearing other opinions though. Of course, the best solution is switching to server-side license review, but no telling when that will happen.

AlexisJazz raised the priority of this task from Low to High. Jan 17 2019, 1:48 PM

Since it is causing issues (e.g. here) we should probably replace "{{FlickrVerifiedByUploadWizard.*}}" with "{{flickrreview}}" in the code. OR we simply add {{flickrreview}} for an additional check (then we can remove the FlickrVerifiedByUploadWizard from AbuseFilter). I actually have no idea for an onwiki-only solution here. But both changes are trivial.

https://commons.wikimedia.org/wiki/Commons:Village_pump/Proposals#Give_autopatrolled_users_more_upload_options was passed.

Please replace or supplement {{FlickrVerifiedByUploadWizard.*}} with {{flickrreview}}.

@kaldari: Your argument about extended uploaders is no longer valid.

AlexisJazz lowered the priority of this task from High to Low. Jan 17 2019, 1:58 PM

@Aklapper I'm not aware of your conventions.

I undid the priority change as I had overlooked T214003.

@Aklapper

Here are the changes needed (really, do you need me for this?):

https://github.com/wikimedia/mediawiki-extensions-UploadWizard/blob/42ba9054f7775454a7c6c59210907f2ff9d81694/resources/mw.FlickrChecker.js#L42

mw.FlickrChecker.licenseMaps = {
		'All Rights Reserved': 'invalid',
		'Attribution License': '{{FlickrVerifiedByUploadWizard|cc-by-2.0}}{{cc-by-2.0}}',
		'Attribution-NoDerivs License': 'invalid',
		'Attribution-NonCommercial-NoDerivs License': 'invalid',
		'Attribution-NonCommercial License': 'invalid',
		'Attribution-NonCommercial-ShareAlike License': 'invalid',
		'Attribution-ShareAlike License': '{{FlickrVerifiedByUploadWizard|cc-by-sa-2.0}}{{cc-by-sa-2.0}}',
		'No known copyright restrictions': '{{FlickrVerifiedByUploadWizard|Flickr-no known copyright restrictions}}{{Flickr-no known copyright restrictions}}',
		'United States Government Work': '{{FlickrVerifiedByUploadWizard|PD-USGov}}{{PD-USGov}}',
		'Public Domain Dedication (CC0)': '{{FlickrVerifiedByUploadWizard|cc-zero}}{{cc-zero}}',
		'Public Domain Mark': '{{FlickrVerifiedByUploadWizard|Public Domain Mark}}' // T105629
};

Change to

mw.FlickrChecker.licenseMaps = {
		'All Rights Reserved': 'invalid',
		'Attribution License': '{{cc-by-2.0}}{{flickrreview}}',
		'Attribution-NoDerivs License': 'invalid',
		'Attribution-NonCommercial-NoDerivs License': 'invalid',
		'Attribution-NonCommercial License': 'invalid',
		'Attribution-NonCommercial-ShareAlike License': 'invalid',
		'Attribution-ShareAlike License': '{{cc-by-sa-2.0}}{{flickrreview}}',
		'No known copyright restrictions': '{{Flickr-no known copyright restrictions}}{{flickrreview}}',
		'United States Government Work': '{{PD-USGov}}{{flickrreview}}',
		'Public Domain Dedication (CC0)': '{{cc-zero}}{{flickrreview}}',
		'Public Domain Mark': '{{flickrreview}}' // T105629, user needs to add a valid PD license
};

Edit: I hereby release this patch as public domain. No attribution required.

@zhuyifei1999 just in case anyone is going to make a problem out of the above, can you alter FlickreviewR to start chomping on {{FlickrVerifiedByUploadWizard.*}} tags?

@AlexisJazz: Thanks for taking a look at the code! If you feel like proposing software changes to be reviewed and merged, you are very welcome to use developer access to submit the proposed code changes as a Git branch directly into Gerrit. If you don't want to set up Git/Gerrit, you can also use the Gerrit Patch Uploader.

@Aklapper I suspect this change would not be desired outside of Wikimedia projects, perhaps even outside of Wikimedia Commons. I don't know if/how this can be applied only to Commons. Maybe changing the FlickreviewR bot is better, but I'll let zhuyifei1999 comment on that.

I hope whoever wrote "If we accept this, T89131 won't take long." in that proposal really meant T100062, because right now it's unclear if anyone is planning to work on this task.

In T89131#4888586, @Tgr wrote:

I hope whoever wrote "If we accept this, T89131 won't take long." in that proposal really meant T100062, because right now it's unclear if anyone is planning to work on this task.

That would be me, and Phabricator is a bit of a maze.

Change 485141 had a related patch set uploaded (by Zhuyifei1999; owner: Alexis Jazz):
[mediawiki/extensions/UploadWizard@master] mw.FlickrChecker: Use {{flickrreview}}

https://gerrit.wikimedia.org/r/485141

Change 485141 merged by jenkins-bot:
[mediawiki/extensions/UploadWizard@master] mw.FlickrChecker: Use {{flickrreview}}

https://gerrit.wikimedia.org/r/485141
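
The server-side check this task asks for, sketched as an added example (not UploadWizard, FlickreviewR or any Wikimedia code): the licence and "verified" templates in submitted wikitext are treated as claims and compared with a licence name the server obtained itself. `reviewUpload`, `templateNames`, the status values and the `sourceLicense` input are assumptions; the licence and template names are those in the `licenseMaps` table above.

```javascript
// Added example: not UploadWizard or FlickreviewR code.
// Licence names and template names come from the licenseMaps table on this page.
// A Map is used so names like "constructor" cannot hit Object.prototype.
const ACCEPTED = new Map([
  ['Attribution License', 'cc-by-2.0'],
  ['Attribution-ShareAlike License', 'cc-by-sa-2.0'],
  ['No known copyright restrictions', 'Flickr-no known copyright restrictions'],
  ['United States Government Work', 'PD-USGov'],
  ['Public Domain Dedication (CC0)', 'cc-zero']
]);

// Template names in submitted wikitext: {{name}} or {{name|args}}.
// Simplification: names are compared lower-cased; nested templates are not parsed.
function templateNames(wikitext) {
  const names = [];
  const re = /\{\{\s*([^{}|]+?)\s*(?:\|[^{}]*)?\}\}/g;
  let m;
  while ((m = re.exec(wikitext)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// wikitext: untrusted text submitted by the client.
// sourceLicense: licence name the server fetched itself (assumed input).
function reviewUpload(wikitext, sourceLicense) {
  const names = templateNames(wikitext);
  // A "verified" tag in client-submitted text is only a claim; record it, never trust it.
  const selfAsserted = names.some((n) => n.startsWith('flickrverifiedbyuploadwizard'));
  if (sourceLicense === 'Public Domain Mark') {
    // The page's map leaves this case without a licence tag (T105629).
    return { status: 'manual', reason: 'uploader must supply a valid PD licence', selfAsserted };
  }
  const expected = ACCEPTED.get(sourceLicense);
  if (expected === undefined) {
    return { status: 'failed', reason: 'source licence not accepted', selfAsserted };
  }
  if (!names.includes(expected.toLowerCase())) {
    return { status: 'failed', reason: 'claimed licence differs from source', selfAsserted };
  }
  return { status: 'passed', licence: expected, selfAsserted };
}

// Constructed sample: the same claimed wikitext, checked against two source licences.
const claimed = '{{FlickrVerifiedByUploadWizard|cc-by-2.0}}{{cc-by-2.0}}';
console.log(reviewUpload(claimed, 'All Rights Reserved'));
console.log(reviewUpload(claimed, 'Attribution License'));
```

The same submitted text passes or fails depending only on what the server saw at the source, which is the property a client-side check cannot provide.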