Thanks, Dan... I was going to ask about that, too. I don't understand well enough what is and isn't visible in the API, but I will say that if the API is linking an action (i.e., suppression) to a user (i.e. the specific oversighter) I *do* have a problem with it; we've had experience in the past with people actively harassing oversighters because of legitimate suppressions they've carried out, and perhaps this is exactly how they've found out it was Oversighter A who did that particular suppression.
Risker/Anne
On 9 December 2014 at 14:01, Dan Garry dgarry@wikimedia.org wrote:
Speaking from my experience as an oversighter, I find it a bit strange that when you oversight something, information that is hidden in the UI is not hidden in the API. That notwithstanding, there is nothing particularly private about the information that is shown in the API only (i.e. the type of the action), but I found it strange.
I also find it strange that the fact that this information is still available via the API is not mentioned in the interface. I've been an oversighter for many, many years, and I never knew that this information could be retrieved via the API.
Personally, I prefer the way things are after Chris's change. It makes the UI and API more consistent with each other.
That said, given that there is no particularly private information given out in the API response, I don't think it's worth complaining about Brad's patch. It's not the way I'd prefer it to be, but it doesn't personally strike me as overtly incorrect or as causing any real problems.
Dan
On 1 December 2014 at 17:30, Chris Steipp csteipp@wikimedia.org wrote:
Hi list,
I wanted to get some feedback about https://phabricator.wikimedia.org/T74222. In the last security release, I changed the return of the api to remove
the
"action" for log entries that had been revdeleted with "Hide action and target". However, ever since 2009 / r46917, we've assumed that "Hide
action
and target" didn't mean the actual action field in the db, but rather the target and the text of the message about the action, which might include other parameters. So the message about what's being hidden and the
intended
protection of that option could have slightly different interpretations.
I'd like to hear if anyone has intended for the actual log action to be deleted / suppressed. If not, I'm happy to revert the recent patch, and we'll just update the wording in the deletion UI to be more clear about what is being removed. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
-- Dan Garry Associate Product Manager, Mobile Apps Wikimedia Foundation _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l