On 12/11/13, Tyler Romeo tylerromeo@gmail.com wrote:
On Wed, Dec 11, 2013 at 2:04 PM, Jon Robson jdlrobson@gmail.com wrote:
Many a time I've talked about this I've hit the argument that gerrit is confusing to some users and is a barrier for development, but this is a terrible unacceptable attitude to have in my opinion. Our end users deserve a certain standard of code. I'm aware using a code review process can slow things down but I feel this is really essential. I for one greatly benefit from having every single piece of my code scrutinized and perfected before being consumed by a wider audience. If this is seen as a barrier, someone should investigate making it possible to send wiki edits to Gerrit to simplify that process.
I can definitely understand the reasoning behind this. Right now with both Gadgets and common.js we are allowing non-reviewed code to be injected directly into every page. While there is a bit of trust to be had considering only administrators can edit those pages, it is still a security risk, and an unnecessary one at that.
I like the idea of having gadgets (and any JS code for that matter) going through Gerrit for code review. The one issue is the question of where would Gadget code go? Would each gadget have its own code repository? Maybe we'd have just one repository for all gadgets as well as common.js (something like operations/common.js)? I don't think sending wiki edits to Gerrit is too feasible a solution, so if this were implemented it'd have to be entirely Gerrit-based.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
One of the primary reasons gadgets/local-js exist is because local wiki-admins feel that the mediawiki code review process is unavailable to them. I would expect any sort of code review requirement for gadgets to meet strong resistance, especially on the smaller wikis.
I also think it would be unenforcable unless one plans to ban personal js in all forms.
--bawolff