Page MenuHomePhabricator

Legoktm (Legoktm)
UserAdministrator

Projects (102)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
Sep 19 2014, 7:30 PM (302 w, 1 d)
Roles
Administrator
Availability
Available
IRC Nick
legoktm
LDAP User
Legoktm
MediaWiki User
Unknown

Recent Activity

Fri, Jul 3

Legoktm updated subscribers of T257080: php-composer-security-docker failing due to git fetch of non-existent REL1_35 ref.

but it's going to fail until the branch is actually created...

Fri, Jul 3, 9:37 PM · Release-Engineering-Team, Security-Team
Legoktm added a comment to T257076: Unable access to frwiki page "Spore : Aventures_galactiques".

See https://meta.wikimedia.org/wiki/Talk:Interwiki_map#spore

Fri, Jul 3, 8:53 PM · Wikimedia-General-or-Unknown, Wikimedia-Site-requests, Wikispore
Legoktm awarded T256367: WMF-NDA access for DannyS712 a Like token.
Fri, Jul 3, 5:13 AM · WMF-NDA-Requests, User-DannyS712
Legoktm updated the task description for T256367: WMF-NDA access for DannyS712.
Fri, Jul 3, 4:56 AM · WMF-NDA-Requests, User-DannyS712
Legoktm added a comment to T160233: Enable administrators to update block logs.

I never really understood the fascination with having a "clean block log" or being able to annotate blocks that expired as incorrect or something. But a lot of people do, and here we are. I think it's important to recognize that adding this feature to MediaWiki will cause a social change - I'd expect significantly more people who feel slighted by blocks that weren't 100% solid to now appeal for someone to annotate their block log accordingly (not saying more review/accountability is a bad thing, just that things will change).

Fri, Jul 3, 4:44 AM · MediaWiki-Blocks, Anti-Harassment, Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, User-DannyS712, MediaWiki-Logging, Community-Wishlist-Survey-2016
Legoktm added a comment to T245478: Add option to exclude errors from templates.

No, linter_params isn't ever going to get an index, as it's just a JSON blob. We would have to introduce a new linter_template field that just contains the template's name or is null.

Fri, Jul 3, 4:31 AM · Patch-For-Review, User-DannyS712, MediaWiki-extensions-Linter

Thu, Jul 2

Legoktm created T257008: extjsonuploader: Edits aren't being marked as bot.
Thu, Jul 2, 11:53 PM · Tools
Legoktm committed rLLUP2861bf48ecc9: Add translatewiki repo (authored by Legoktm).
Add translatewiki repo
Thu, Jul 2, 10:01 AM

Wed, Jul 1

Legoktm added a comment to T256877: Handle sunset of stretch-backports.

From a puppet codesearch, I see:

Wed, Jul 1, 10:35 PM · Patch-For-Review, Operations
Legoktm added a comment to T256881: wmcs: evaluate impact of stretch-backports being archived.

Didn't we replace tesseract with a newly packaged and compiled version, @aborrero? If we did, maybe that comment or something else needs to be removed?

Wed, Jul 1, 10:25 PM · cloud-services-team (Kanban)
Legoktm added a comment to T194953: Support hosting Rust tools on Toolforge.

Too be honest, I don't really understand why we need special docker images for Rust (or any compiled language for that matter). Cross-compiling works, per-user installation of rustup + jsub seems to work fine as well.

Wed, Jul 1, 7:25 PM · cloud-services-team (Kanban), Toolforge
Legoktm added a comment to T240188: Redirect Special:ShortUrl to Special:UrlShortener.

There are plans to undeploy that extension from Wikimedia sites. Once that's done, there's nothing to prevent this.

Please consult communities first before undeploying Extension ShortUrl. Many projects use them as stable shorturls in many places and does not want their workflow to breakdown.

Wed, Jul 1, 6:55 PM · MediaWiki-extensions-UrlShortener
Legoktm updated subscribers of T185726: Change HtmlFormatter library to use Wikimedia namespace.

I was going to do this, but after codesearching, I wonder if it makes sense to use this opportunity to rename this library/class to something else, given that RemexHtml also has a HtmlFormatter class that is more used than this library...

Wed, Jul 1, 5:47 PM · Librarization
Legoktm updated the task description for T174975: Move Wikimedia libraries into Wikimedia namespace.
Wed, Jul 1, 5:45 PM · MediaWiki-Vendor, Librarization
Legoktm added a comment to T211608: Librarize includes/services/.

@Legoktm should ServiceOptions also be moved to the new library? Or even to its own library, since it may have valid uses outside of a "service"?

ServiceOptions is dependent on the \Config class, so I don't think it's appropriate to librarize...or at least put in this library. Also, now that I look at the ServiceOptions class, I'm not the biggest fan of it, but that's another task.

Wed, Jul 1, 5:37 PM · MW-1.35-notes (1.35.0-wmf.40; 2020-07-07), MW-1.33-notes (1.33.0-wmf.14; 2019-01-22), Patch-For-Review, Librarization, MediaWiki-ServiceContainer
Legoktm created T256898: Reconsider usage of ServiceOptions.
Wed, Jul 1, 5:36 PM · MediaWiki-Configuration, MediaWiki-ServiceContainer
Legoktm updated the task description for T211608: Librarize includes/services/.
Wed, Jul 1, 4:24 PM · MW-1.35-notes (1.35.0-wmf.40; 2020-07-07), MW-1.33-notes (1.33.0-wmf.14; 2019-01-22), Patch-For-Review, Librarization, MediaWiki-ServiceContainer
Legoktm added a comment to T256881: wmcs: evaluate impact of stretch-backports being archived.

The golang-sssd docker image installs golang-go from stretch-backports.

Wed, Jul 1, 3:05 PM · cloud-services-team (Kanban)
Legoktm added a comment to T253470: Request for supporting Deno on Toolforge.

It's unlikely that Toolforge will provide a system-wide installation of Deno anytime soon. Even for Rust (which is a precursor for Deno support), we're initially looking at per-user rustup installs (see T194953). I would suggest you do the same, install deno in your tool's home directory and proceed from there, letting us know how it goes.

Wed, Jul 1, 12:25 AM · Toolforge (Software install/update)
Legoktm added a comment to T200034: Jenkins shouldn't post failures when "test coverage" is reduced because the number of lines of code are reduced..

I believe this will be fixed when we do the next rebuild of the Quibble images.

Wed, Jul 1, 12:16 AM · phpunit-patch-coverage
Legoktm added a comment to T157893: Automate deployment of heritage on Gerrit post-merge.

@hashar and I discussed this on IRC a few days ago. Summary (please add/clarify if I missed anything Hashar!):

Wed, Jul 1, 12:12 AM · Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO, Continuous-Integration-Infrastructure, User-JeanFred, Wiki-Loves-Monuments-Database

Tue, Jun 30

Legoktm created T256827: Support Rust repositories in CI.
Tue, Jun 30, 11:55 PM · Continuous-Integration-Config
Legoktm added a comment to T247175: Install mwclient for python3 on toolforge.

@wcam is there any reason you can't use a virtualenv to install mwclient? That's the preferred way to users to install Python packages on Toolforge.

Tue, Jun 30, 8:59 PM · Toolforge (Software install/update)
Legoktm awarded T255697: Offboard valhallasw as vps/toolforge admin a Heartbreak token.
Tue, Jun 30, 8:55 PM · Toolforge
Legoktm committed R2140:a25b2c599cbd: Add service.template (authored by Legoktm).
Add service.template
Tue, Jun 30, 3:07 PM
Legoktm committed R2140:3d6a4b91f76b: Temporarily disable Fedora test (authored by Legoktm).
Temporarily disable Fedora test
Tue, Jun 30, 3:07 PM
Legoktm committed R2354:4bfd9ee8e028: Add service.template (authored by Legoktm).
Add service.template
Tue, Jun 30, 3:04 PM
Legoktm committed R2354:ac56888c2b6b: Test against Python 3.8 (authored by Legoktm).
Test against Python 3.8
Tue, Jun 30, 3:04 PM
Legoktm committed R2053:eddeed336a81: Add service.template (authored by Legoktm).
Add service.template
Tue, Jun 30, 3:03 PM
Legoktm committed rLTSU6567852fa5d4: Add service.template (authored by Legoktm).
Add service.template
Tue, Jun 30, 10:55 AM
Legoktm committed rLTSUe1ab3d45ab6f: Test against Python 3.7 & 3.8 (authored by Legoktm).
Test against Python 3.7 & 3.8
Tue, Jun 30, 10:55 AM
Legoktm committed rLTSU45c3a1b44945: Don't load resources from cloudflare (authored by Legoktm).
Don't load resources from cloudflare
Tue, Jun 30, 10:55 AM
Legoktm committed R2328:b8dc25605302: Add service.template (authored by Legoktm).
Add service.template
Tue, Jun 30, 9:04 AM
Legoktm committed R2328:f81237d120ac: Fix type (authored by Legoktm).
Fix type
Tue, Jun 30, 9:04 AM
Legoktm committed R2355:ed2e0925d7a2: Fix type (authored by Legoktm).
Fix type
Tue, Jun 30, 9:03 AM
Legoktm committed R2355:fd444897ce09: Add service.template (authored by Legoktm).
Add service.template
Tue, Jun 30, 9:03 AM
Legoktm committed R2355:2cb1f2f8c4bb: build: Update PHPCS and configure linter (authored by Legoktm).
build: Update PHPCS and configure linter
Tue, Jun 30, 9:03 AM
Legoktm committed R2355:395998f75401: Update source code link (authored by Legoktm).
Update source code link
Tue, Jun 30, 9:03 AM
Legoktm added a comment to T211608: Librarize includes/services/.

@Legoktm should ServiceOptions also be moved to the new library? Or even to its own library, since it may have valid uses outside of a "service"?

Tue, Jun 30, 7:29 AM · MW-1.35-notes (1.35.0-wmf.40; 2020-07-07), MW-1.33-notes (1.33.0-wmf.14; 2019-01-22), Patch-For-Review, Librarization, MediaWiki-ServiceContainer
Legoktm added a comment to T194953: Support hosting Rust tools on Toolforge.

Is there any reason not to run a compile via the grid with jsub?

Tue, Jun 30, 6:15 AM · cloud-services-team (Kanban), Toolforge

Mon, Jun 29

Legoktm added a comment to T249318: Add analytics/* gerrit repos to code search.

https://codesearch.wmflabs.org/analytics/ is live now, except... uBlock Origin blocks analytics/js by default, so it doesn't work unless you disable that rule. How big of a problem is that going to be? We could rename the path to something like analytics-real to prevent the rule from matching I suppose...

Mon, Jun 29, 11:43 PM · Analytics, VPS-project-codesearch
Legoktm committed rODIT789f3d1fe9b8: Add html web image (authored by Legoktm).
Add html web image
Mon, Jun 29, 11:40 PM
Legoktm merged T256692: modify-ldap-group should make it impossible to add users who don't exist to a group into T201779: Have a check to prevent non-existent accounts from being added to LDAP groups.
Mon, Jun 29, 10:33 PM · Security, LDAP, Operations
Legoktm merged task T256692: modify-ldap-group should make it impossible to add users who don't exist to a group into T201779: Have a check to prevent non-existent accounts from being added to LDAP groups.
Mon, Jun 29, 10:33 PM · Security, Operations
Legoktm added a comment to T238803: Retire fixcopyright.wikimedia.org.

I filed T256690: Archive the EUCopyrightCampaign extension and T256691: Archive the EUCopyrightCampaignSkin skin.

Mon, Jun 29, 10:12 PM · Release-Engineering-Team-TODO, Projects-Cleanup, fixcopyright.wikimedia.org, Wiki-Setup (Delete / Redirect), Traffic, Operations
Legoktm created T256691: Archive the EUCopyrightCampaignSkin skin.
Mon, Jun 29, 10:12 PM · translatewiki.net, MediaWiki-extensions-Other, Other-skins, Wikimedia-GitHub, Repository-Admins, Projects-Cleanup
Legoktm created T256690: Archive the EUCopyrightCampaign extension.
Mon, Jun 29, 10:11 PM · translatewiki.net, MediaWiki-extensions-Other, Wikimedia-GitHub, Repository-Admins, Projects-Cleanup
Legoktm added a comment to T238803: Retire fixcopyright.wikimedia.org.

As noted in the second last bullet, it is desired that we not archive the extension and skin, as they will be potentially instructive in the future. If they are archived, will the code still be accessible somehow?

Mon, Jun 29, 9:28 PM · Release-Engineering-Team-TODO, Projects-Cleanup, fixcopyright.wikimedia.org, Wiki-Setup (Delete / Redirect), Traffic, Operations
Legoktm claimed T211608: Librarize includes/services/.

@Legoktm nice, thanks! Should extensions also be updated to require that new library in composer.json?

Mon, Jun 29, 9:13 PM · MW-1.35-notes (1.35.0-wmf.40; 2020-07-07), MW-1.33-notes (1.33.0-wmf.14; 2019-01-22), Patch-For-Review, Librarization, MediaWiki-ServiceContainer
Legoktm committed rMLSE5ef69a8a8b0d: Support wikimedia/assert ^0.5.0 (authored by Legoktm).
Support wikimedia/assert ^0.5.0
Mon, Jun 29, 1:56 PM
Legoktm added a comment to T256575: Jenkins comments no longer formatted on Gerrit 3.

Maybe this is too different, but is it possible to move the Jenkins output to a separate "checks" tab like upstream does?

Mon, Jun 29, 7:07 AM · Patch-For-Review, Release-Engineering-Team-TODO, Developer Productivity, Continuous-Integration-Config, Gerrit
Legoktm added a comment to T255701: Move Dan's CI metrics cron script / HTML output from people.wikimedia.org to doc.wikimedia.org.

Where is the source code for this?

Mon, Jun 29, 5:20 AM · Continuous-Integration-Infrastructure, Code-Health-Metrics, Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO
Legoktm changed the visibility for T248385: Information leak and other bad stuff in SocialProfile's ApiUserProfilePrivacy.
Mon, Jun 29, 5:10 AM · Social-Tools, Vuln-Infoleak, SocialProfile, Security, Security-Team
Legoktm added a comment to T225231: Consider having a top-level jenkins CI job for each commit, so they can be manually killed swiftly rather than one-by-one.

For the security release case, which I think is really the only case we want to support skipping CI for, I think we could have some topic/hashtag (if zuul supports those) or a pseudo-header in the commit message (e.g. Wikimedia-CI: skip) that zuul filters on maybe with an email whitelist to approved releasers to not queue any jobs for.

Mon, Jun 29, 5:09 AM · Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO, Continuous-Integration-Infrastructure

Sun, Jun 28

Legoktm committed rMLSE5e3614eaa926: Adjust @see comment to reflect move out of MediaWiki core (authored by Legoktm).
Adjust @see comment to reflect move out of MediaWiki core
Sun, Jun 28, 2:37 PM
Legoktm committed rMLSEa97259a62f81: Add specific RecursiveServiceDependencyException class (authored by aaron).
Add specific RecursiveServiceDependencyException class
Sun, Jun 28, 2:37 PM
Legoktm committed rMLSE8b6f37b09238: Use parameter types (authored by MaxSem).
Use parameter types
Sun, Jun 28, 2:37 PM
Legoktm committed rMLSE7f093574f2d1: Add recursion check to createService() (authored by Simetrical).
Add recursion check to createService()
Sun, Jun 28, 2:37 PM
Legoktm added a comment to T241195: Add python3.8 to buster-wikimedia pyall component.

I've updated the aforementioned apt repository with 3.8.1-2~buster1 packages Someone in SRE that's more familiar with how we do things these days (maybe @MoritzMuehlenhoff?) can update our reprepro to include that.

Ack, I'll take care of that.

Sun, Jun 28, 10:15 AM · Operations, Continuous-Integration-Infrastructure
Legoktm committed rLCSH22b35fde8170: Add analytics search profile (authored by Legoktm).
Add analytics search profile
Sun, Jun 28, 10:04 AM
Legoktm committed rLCSHed0142cf5250: Add gerrit_prefix_list to automatically list repos based on their prefix (authored by Legoktm).
Add gerrit_prefix_list to automatically list repos based on their prefix
Sun, Jun 28, 10:04 AM
Legoktm created P11680 (An Untitled Masterwork).
Sun, Jun 28, 9:57 AM
Legoktm added a comment to T249318: Add analytics/* gerrit repos to code search.

I deployed the codesearch part, once the puppet patch is merged this should go live.

Sun, Jun 28, 9:36 AM · Analytics, VPS-project-codesearch
Legoktm added a comment to T249318: Add analytics/* gerrit repos to code search.

I had some old code lying around that automatically generate the repo lists from Gerrit's prefix search, just committed in https://gerrit.wikimedia.org/r/c/labs/codesearch/+/608193

Sun, Jun 28, 9:23 AM · Analytics, VPS-project-codesearch
Legoktm updated subscribers of T231572: Index Wikibase JavaScript libraries.

All but one of those repos no longer exist...

Sun, Jun 28, 9:15 AM · VPS-project-codesearch
Legoktm closed T231571: Index Wikibase PHP libraries as Resolved.

I believe all of these are now indexed.

Sun, Jun 28, 9:12 AM · VPS-project-codesearch
Legoktm added a comment to T215584: codesearch's systemd timeouts might accidentally kill git processes.

I don't believe anything has changed since this was originally filed, maybe just luck that we haven't hit it recently.

Sun, Jun 28, 9:11 AM · VPS-project-codesearch
Legoktm renamed T215584: codesearch's systemd timeouts might accidentally kill git processes from Add TimedMediaHandler to WMF-deployed search preset to codesearch's systemd timeouts might accidentally kill git processes.
Sun, Jun 28, 9:10 AM · VPS-project-codesearch
Legoktm closed T188223: Codesearch needs a filter for JS/PHP libraries as Resolved.
Sun, Jun 28, 9:09 AM · VPS-project-codesearch
Legoktm added a project to T241033: codesearch is not searching package-lock.json: Upstream.
Sun, Jun 28, 8:46 AM · Upstream, VPS-project-codesearch
Legoktm added a comment to T197906: Come up with list of software packages to create generic puppet roles for.

T246017: CodeSearch Docker containers not starting or failing after start because of iptables network overlay issues made me think that a ::profile::cloudvps::docker manifest could be a good idea. There are at least 2 Cloud VPS projects (integration and codesearch) which are deploying Docker on instances and using related but slightly different work arounds to keep ferm and Docker from fighting over iptables rules which are needed for north-south communication with the Docker containers.

Sun, Jun 28, 8:42 AM · Epic, cloud-services-team (Kanban), Cloud-VPS
Legoktm added a project to T256559: Notifications from multiple Wiki sites do not work: Notifications.
Sun, Jun 28, 7:42 AM · Wikipedia-Android-App-Backlog (Android-app-release-v2.7.32x-Q-Qurabiya), Growth-Team, Notifications, Android-app-Bugs
Dzahn awarded T175929: Prepare wikibugs gerrit bot for gerrit 2.14 / 2.15 / 3.0 a Like token.
Sun, Jun 28, 6:47 AM · Gerrit, Patch-For-Review, Wikibugs
Legoktm renamed T175929: Prepare wikibugs gerrit bot for gerrit 2.14 / 2.15 / 3.0 from Prepare wikibugs gerrit bot for gerrit 2.14 / 2.15 to Prepare wikibugs gerrit bot for gerrit 2.14 / 2.15 / 3.0.
Sun, Jun 28, 6:26 AM · Gerrit, Patch-For-Review, Wikibugs
Legoktm closed T175929: Prepare wikibugs gerrit bot for gerrit 2.14 / 2.15 / 3.0 as Resolved.

I think we're set now. If people want to see (or not see) WIP patches on IRC, let's discuss that in a few task.

Sun, Jun 28, 6:26 AM · Gerrit, Patch-For-Review, Wikibugs

Sat, Jun 27

Legoktm added a comment to T256520: Consider 'normalize' stylesheet RL module.

This reminded me of https://gerrit.wikimedia.org/r/c/mediawiki/core/+/110908 (Add normalize.css as an available resource), which was declined back in 2014. I don't know whether those comments are relevant to this or not.

Sat, Jun 27, 4:08 AM · Readers-Web-Backlog (Kanbanana-2019-20-Q4), Patch-For-Review, UI-Standardization-Kanban, UI-Standardization, CSS, MediaWiki-Core-Skin-Architecture
Legoktm committed R2050:40426ecf86eb: chmod +x build.sh (authored by Legoktm).
chmod +x build.sh
Sat, Jun 27, 12:13 AM
Legoktm committed R2050:e3ade660737e: cargo update (authored by Legoktm).
cargo update
Sat, Jun 27, 12:13 AM
Legoktm committed R2050:817545c7f212: Add service.template (authored by Legoktm).
Add service.template
Sat, Jun 27, 12:13 AM
Legoktm committed R2050:c2fa36589317: Add build.sh script (authored by Legoktm).
Add build.sh script
Sat, Jun 27, 12:13 AM
Legoktm committed R2050:71f39798d2d3: Expose what rust version was used for compilation (authored by Legoktm).
Expose what rust version was used for compilation
Sat, Jun 27, 12:13 AM

Fri, Jun 26

Legoktm closed T256513: Toolforge: Completed jobs not available via qstat as Resolved.

After discussion on IRC, this is mostly a documentation issue, which should now be resolved: https://wikitech.wikimedia.org/w/index.php?title=Help%3AToolforge%2FGrid&type=revision&diff=1871328&oldid=1870115

Fri, Jun 26, 10:56 PM · Documentation, cloud-services-team (Kanban), Toolforge
Legoktm created T256513: Toolforge: Completed jobs not available via qstat.
Fri, Jun 26, 10:32 PM · Documentation, cloud-services-team (Kanban), Toolforge

Thu, Jun 25

Legoktm added a comment to T180860: Re-run active editors skin statistics.

Here are the latest stats. Data is for the past year May 2019 to May 2020.

Results :

SkinPercentage of users (with 5 or more edits)Percentage of users (with 30 or more edits)Percentage of users (with 600 or more edits)
vector97.2%95.5%91.4%
monobook2.0%3.4%7.2%
modern0.3%0.4%0.7%
timeless0.3%0.5%0.5%
cologneblue0.1%0.1%0.1%
minerva0.1%0.1%0.0%

Posted detailed results and calculations to this notebook.

Thu, Jun 25, 12:55 PM · Tech-Ambassadors, Readers-Web-Backlog (Tracking), Product-Analytics (Kanban), Advanced Mobile Contributions, Desktop Improvements
Legoktm added a member for Packaging: Legoktm.
Thu, Jun 25, 7:44 AM
Legoktm added a comment to T253377: WMF deployed EasyTimeline extension depends on Ploticus package which is not available in Debian Buster (but available again in Debian Bullseye).

FWIW ploticus was fixed and will be in the next Debian stable release (bullseye), but it missed buster. In theory we could maintain our own backport of it, but obviously sunsetting EasyTimeline is a better long term solution.

Thu, Jun 25, 7:43 AM · EasyTimeline, Packaging
Legoktm added a comment to T250406: RFC: Hybrid extension management.

Surely there are better options, but they have yet to be implemented (cf. @Tgr's comment above). So composer seems to be a viable way to go, it has a solid usage basis and a set of MediaWiki developers willing to maintain it.

See T118188#2613011 / https://gerrit.wikimedia.org/r/c/mediawiki/core/+/308891 - it's hard to move forward when you're met with silence...

Thu, Jun 25, 7:35 AM · MediaWiki-Stakeholders-Group, TechCom-RFC
Legoktm created P11658 (An Untitled Masterwork).
Thu, Jun 25, 7:23 AM
Legoktm added a watcher for Security: Legoktm.
Thu, Jun 25, 1:22 AM
Legoktm added a comment to T255881: Enable wgBreakFrames across all projects.

This sounds reasonable to me, certainly for now. Unfortunately $wgBreakFrames is a bit of a hammer, as-is. If OP->allowClickjacking() could override it, I think the solution would be simple for action=render. Otherwise I'm not quite sure what the cleanest approach might be. A new global? Seems a bit much. Creating some action exception logic for $wgBreakFrames? Defeats the purpose a bit IMO and I'm not sure just how ugly something like $wgBreakFramesAllowedActions would be.

Thu, Jun 25, 1:21 AM · Wikimedia-Site-requests, Patch-For-Review, Security, Security-Team, user-sbassett

Wed, Jun 24

Akuckartz awarded P11646 (An Untitled Masterwork) a Like token.
Wed, Jun 24, 1:23 PM
Legoktm renamed T248947: img_auth.php may leak private extension images into the public cache (CVE-2020-15005) from img_auth.php may leak private extension images into the public cache to img_auth.php may leak private extension images into the public cache (CVE-2020-15005).
Wed, Jun 24, 11:21 AM · MW-1.34-notes, MW-1.35-notes (1.35.0-wmf.39; 2020-06-30), MW-1.33-notes, MW-1.31-release-notes, Commons, MediaWiki-File-management, Security, Security-Team
Legoktm closed T248541: Obtain CVEs for 1.31.8/1.33.4/1.34.2 security releases, a subtask of T248534: Release MediaWiki 1.31.8/1.33.4/1.34.2, as Resolved.
Wed, Jun 24, 11:20 AM · MediaWiki-Releasing, Security
Legoktm closed T248541: Obtain CVEs for 1.31.8/1.33.4/1.34.2 security releases as Resolved.

CVE-2020-15005

Wed, Jun 24, 11:20 AM · MediaWiki-Releasing, Security
Legoktm added a comment to T173478: Puppetize setup on upgrader-06.wmflabs.

Once ^ is merged, I created an upgrader-07 instance to test with.

Wed, Jun 24, 9:42 AM · Patch-For-Review, LibUp
Legoktm claimed T173478: Puppetize setup on upgrader-06.wmflabs.

Going to take a stab at this again.

Wed, Jun 24, 9:09 AM · Patch-For-Review, LibUp
Legoktm added a comment to T250406: RFC: Hybrid extension management.

Most MediaWiki extensions don't have composer dependencies, so I think optimizing for that case is wrong.

Many of them do, and I think even more would do, if it weren't that cumbersome to add (required non-dev) composer dependencies to WMF deployed extensions.

Wed, Jun 24, 9:00 AM · MediaWiki-Stakeholders-Group, TechCom-RFC
Legoktm created P11646 (An Untitled Masterwork).
Wed, Jun 24, 8:58 AM
Legoktm added a comment to T255646: [Spike] Preliminary investigation for migration to options instead of on-wiki config.

See https://www.mediawiki.org/wiki/Manual:Hooks/GetPreferences#Default_preferences for reference.

Wed, Jun 24, 8:48 AM · MediaWiki-extensions-GlobalWatchlist, User-DannyS712
Legoktm added a comment to T255646: [Spike] Preliminary investigation for migration to options instead of on-wiki config.

You set the default value through $wgDefaultUserOptions.

Wed, Jun 24, 8:47 AM · MediaWiki-extensions-GlobalWatchlist, User-DannyS712