Pre-emptive send wins again. That was meant to be "I don't want anything to stand in the way of good users filing bug reports, but we need to be aware of the previous issues that led to the current situation."
Dan
On 6 November 2013 15:45, Dan Garry dgarry@wikimedia.org wrote:
I don't want anything to stand in the way of good users
Perhaps something similar to autoconfirmed as Thehelpfulone suggested, i.e. X total edits across all Wikimedia projects (or on a single Wikimedia project), and account was created Y days ago. There are details to work through with that (e.g. how do we verify bugzilla user a@b.com owns the global account they say they do?), but I think it's a good approach.
Dan
On 6 November 2013 15:38, Rob Lanphier robla@wikimedia.org wrote:
On Wed, Nov 6, 2013 at 5:24 AM, MZMcBride z@mzmcbride.com wrote:
Our Bugzilla installation at https://bugs.wikimedia.org/ currently restricts the capabilities of new users as a knee-jerk response to prior Bugzilla-related vandalism. There are further details at https://bugzilla.wikimedia.org/40497.
As I recall, Mark Hershberger and Ariel Glenn were the ones that dealt with most of the aftermath of the attacks that we received that ultimately led to it being turned off. It was not a knee jerk response. We temporarily turned it off and turned it back on a few days later, only to have dozens (hundreds?) of bugs altered in a way that was not easily reversed.
In consulting with the Bugzilla developers (I believe I may have sent a public mail about this to their list), their answer was essentially that Bugzilla was never designed for giving editbugs to untrusted users, and that by doing so, we had what was coming to us.
We tried reversing it several times, and each time were rewarded with an arduous cleanup task. We gave up trying after months. So, calling it "kneejerk" is simply wrong. We had a determined vandal who may still be among us, and will likely exploit whatever loophole we open up.
Increasingly new users are making manual requests to be assigned to bugs,
as they cannot edit others' bugs by default. This is problematic and disruptive to development efforts.
My suggestion is to re-add the "editbugs" user right to new users by default (revert the old settings adjustment). Otherwise, an acceptable workaround needs to be found.
I don't think we can pretend that the vandalism issue is solved, because it isn't. Bugzilla doesn't have the vandalism fighting tools that MediaWiki does.
We can certainly do something different than what we're doing, though. It should be easy to get editbugs; just not so easy that a vandal can get it.
Anyone have any ideas how to mitigate the vandalism problem?
Rob _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
-- Dan Garry Associate Product Manager for Platform Wikimedia Foundation