I like the idea of more liberally (and perhaps automatically) giving out
the right. As it stands, I'm not even sure who can give out editbugs other
than Andre. In any case I understand it to be a very small number who can.
For a start it would be nice if pretty much any active developer could.
Perhaps even anyone with the editbugs right.
Automated solution would be even better. I suppose one could implement
Dan's suggestion by having a script that sends part A of a token to your
bugzilla email, part b to a your mediawiki email, and asks the user to
produce both.
-bawolff
On 2013-11-06 11:46 AM, "Dan Garry" <dgarry(a)wikimedia.org> wrote:
I don't want anything to stand in the way of good users
Perhaps something similar to autoconfirmed as Thehelpfulone suggested,
i.e.
X total edits across all Wikimedia projects (or on a
single Wikimedia
project), and account was created Y days ago. There are details to work
through with that (e.g. how do we verify bugzilla user a(a)b.com owns the
global account they say they do?), but I think it's a good approach.
Dan
On 6 November 2013 15:38, Rob Lanphier <robla(a)wikimedia.org> wrote:
> On Wed, Nov 6, 2013 at 5:24 AM, MZMcBride <z(a)mzmcbride.com> wrote:
>
> > Our Bugzilla installation at <https://bugs.wikimedia.org/> currently
> > restricts the capabilities of new users as a knee-jerk response to
prior
> > Bugzilla-related vandalism. There are
further details at
> > <https://bugzilla.wikimedia.org/40497>.
> >
>
>
> As I recall, Mark Hershberger and Ariel Glenn were the ones that dealt
with
> most of the aftermath of the attacks that we
received that ultimately
led
> to it being turned off. It was not a knee jerk
response. We
temporarily
> turned it off and turned it back on a few days
later, only to have
dozens
> (hundreds?) of bugs altered in a way that was not
easily reversed.
>
> In consulting with the Bugzilla developers (I believe I may have sent a
> public mail about this to their list), their answer was essentially that
> Bugzilla was never designed for giving editbugs to untrusted users, and
> that by doing so, we had what was coming to us.
>
> We tried reversing it several times, and each time were rewarded with an
> arduous cleanup task. We gave up trying after months. So, calling it
> "kneejerk" is simply wrong. We had a determined vandal who may still be
> among us, and will likely exploit whatever loophole we open up.
>
>
> Increasingly new users are making manual requests to be assigned to
bugs,
> > as they cannot edit others' bugs by
default. This is problematic and
> > disruptive to development efforts.
> >
> > My suggestion is to re-add the "editbugs" user right to new users by
> > default (revert the old settings adjustment). Otherwise, an acceptable
> > workaround needs to be found.
> >
>
> I don't think we can pretend that the vandalism issue is solved,
because
it
> isn't. Bugzilla doesn't have the
vandalism fighting tools that
MediaWiki
> does.
>
> We can certainly do something different than what we're doing, though.
It
> should be easy to get editbugs; just not so easy
that a vandal can get
it.
Anyone have any ideas how to mitigate the vandalism problem?
Rob
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--
Dan Garry
Associate Product Manager for Platform
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l