[x-posting from mediawiki-l]
To Whom It May Concern:
Since 2012, the CheckUser extension has contained functionality to optionally store the encrypted recipients for emails that were sent via Special:EmailUser, if the operator set $wgCUPublicKey to a valid RSA public key. The encryption mechanism used by this logic is outdated and needs an update.[1]
However, it's unclear if anybody is using this feature. It is not enabled in WMF production, and was implemented without a corresponding BZ reference. There is also no functionality in CheckUser that allows access to the stored data.
If you are actively using this functionality and would like it to be retained, please leave a comment on the deprecation task T384460.[2]
[1] https://phabricator.wikimedia.org/T384398 [2] https://phabricator.wikimedia.org/T384460
Yours faithfully, Máté Szabó (he/him/his) Senior Software Engineer, Trust & Safety Product Wikimedia Foundation
I've forwarded this to the Checkuser-L private mailing list. I don't personally have an opinion on this, but other checkusers and stewards may be using some element of the functionality.
Certainly, *knowing* if someone is sending out emails via the interface can be very useful information for us, even if we don't know to whom they have been sent.
Risker/Anne
On Wed, 22 Jan 2025 at 07:22, Máté Szabó mszabo@wikimedia.org wrote:
[x-posting from mediawiki-l]
To Whom It May Concern:
Since 2012, the CheckUser extension has contained functionality to optionally store the encrypted recipients for emails that were sent via Special:EmailUser, if the operator set $wgCUPublicKey to a valid RSA public key. The encryption mechanism used by this logic is outdated and needs an update.[1]
However, it's unclear if anybody is using this feature. It is not enabled in WMF production, and was implemented without a corresponding BZ reference. There is also no functionality in CheckUser that allows access to the stored data.
If you are actively using this functionality and would like it to be retained, please leave a comment on the deprecation task T384460.[2]
[1] https://phabricator.wikimedia.org/T384398 [2] https://phabricator.wikimedia.org/T384460
Yours faithfully, Máté Szabó (he/him/his) Senior Software Engineer, Trust & Safety Product Wikimedia Foundation _______________________________________________ Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
To clarify, the feature being talked about is not enabled on WMF wikis, so stewards aren't using it.
The knowing an email has been sent is a separate feature afaik.
-- bawolff
On Fri, Jan 24, 2025 at 8:54 PM Risker risker.wp@gmail.com wrote:
I've forwarded this to the Checkuser-L private mailing list. I don't personally have an opinion on this, but other checkusers and stewards may be using some element of the functionality.
Certainly, *knowing* if someone is sending out emails via the interface can be very useful information for us, even if we don't know to whom they have been sent.
Risker/Anne
On Wed, 22 Jan 2025 at 07:22, Máté Szabó mszabo@wikimedia.org wrote:
[x-posting from mediawiki-l]
To Whom It May Concern:
Since 2012, the CheckUser extension has contained functionality to optionally store the encrypted recipients for emails that were sent via Special:EmailUser, if the operator set $wgCUPublicKey to a valid RSA public key. The encryption mechanism used by this logic is outdated and needs an update.[1]
However, it's unclear if anybody is using this feature. It is not enabled in WMF production, and was implemented without a corresponding BZ reference. There is also no functionality in CheckUser that allows access to the stored data.
If you are actively using this functionality and would like it to be retained, please leave a comment on the deprecation task T384460.[2]
[1] https://phabricator.wikimedia.org/T384398 [2] https://phabricator.wikimedia.org/T384460
Yours faithfully, Máté Szabó (he/him/his) Senior Software Engineer, Trust & Safety Product Wikimedia Foundation _______________________________________________ Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-leave@lists.wikimedia.org https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
wikitech-l@lists.wikimedia.org