John, thank you for writing tis letter, and I agree almost entirely, except: "Also, ideally bots should link to the bot task approval page with every edit, either in the public edit summary or in the (invisible except by ops and check-users) user-agent."
On one hand, approval rules differ from wki ti wiki even within WMF empire, not to talk about other MW installations. There is no base to assume the existence of such a page for each bot and each task. On the other hand, edit summaries are too short and they are planned for human reading, and repeating a page title or any permission is not sign but noise for a human and prevents bot owner of filling in the summary with relevant information. The change of UA for every task is very difficult and I doubt it would be worth.
2014-07-11 15:34 GMT+02:00 John Mark Vandenberg jayvdb@gmail.com:
On Fri, Jul 11, 2014 at 6:50 PM, Antoine Musso hashar+wmf@free.fr wrote:
Le 11/07/2014 01:09, Amir Ladsgroup a écrit :
Hello, As discussions in pywikipedia-l people are not sure whether is
necessary to
add username of bot operator in user agent or not.
In user agent policy <https://meta.wikimedia.org/wiki/User-agent_policy
it's mentioned that people need to add contacting information, but it's
not
clear it's about contacting the tool-maker or tool-user.
Can you clarify it?
Hello,
As K. Peachey said, the aim is for Wikimedia operators to be able to identify the user running the bot. The bot framework might be useful.
A suitable user agent could be:
HasharBot (http://fr.wikipedia.org/wiki/User:Hashar; hashar at free fr)
We most probably already have the username in our logs, doesn't harm to repeat it in the user-agent. IRC nickname and email would be nice additions and probably save time.
Could ops confirm they have the username of each logged in edit at their finger tips (i.e. roughly as easy to access as the user-agent)? Pywikibot doesnt permit logged out edits.
There is some talk that if pywikibot doesnt fix its user-agent string, ops may need to block 'the toolserver' - could ops confirm that they would usually block a bot account before killing a well known IP range like 'the toolserver' (or 'the wmf labs')
IMO it is pretty silly to put the username in the User-Agent for logged in users who are running adhoc tasks using unmodified pywikibot code, as they are the user, not its agent. In that scenario, a distinct version of pywikibot is the agent. And an email address is even worse in this scenario.
I do appreciate the need to uniquely identify different user agents, being any customised code. Pywikibot already detects which (git) revision it is running, and includes that in the user agent. It also checks versions of files, but I dont think it accurately detects "I am a customised bot" and definately doesnt include that in the user agent. It should.
Also, ideally bots should link to the bot task approval page with every edit, either in the public edit summary or in the (invisible except by ops and check-users) user-agent.
Rather than asking bot operators to put an email address in the user agent, is it OK to have special:emailuser enabled on the bot and operator? Or, have a master kill switch on the bot user (task) page? There is talk of an RFC for 'standardising' how the community can interact with pywikibot bots, such as disabling bot tasks or the bot account. https://gerrit.wikimedia.org/r/#/c/137980/ Checking email is enabled, and ensuring the bot can be easily paused by 'the community' (inc. ops) strikes me as what is needed, rather than putting PII into the user *agent*.
-- John Vandenberg
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l