An Outreachy candidate for http://mediawiki.org/wiki/Accuracy_review who went ahead and started unpaid has been making good progress, and is about to land the central guts of the project on github. It's a new way to transition from creating to maintaining Wikipedia articles, with an emphasis on detecting outdated statistics, fighting bias including paid advocacy of all kinds, and proofreading WEP student work. It's been going slow, mostly because the original trial run architecture was too dependent on email.
However, before she gets there, could one or two people who are maybe beginner or intermediate with Python but advanced with Mediawiki or PHP please test her user authentication and login framework?
https://github.com/priyankamandikal/wikireview/ https://github.com/priyankamandikal/wikireview/issues
It's built for PythonAnywhere because it shouldn't run on Wikimedia servers, because of the safe harbor DMCA provisions precluding editorial control by web hosts. Please report any issues on github and note your results on the Phabricator task to prevent duplication of effort.
Thanks in advance!
Best regards, Jim Salsman
On Wed, Jan 13, 2016 at 9:25 AM, James Salsman jsalsman@gmail.com wrote:
.. please test her user authentication and login framework?
Have you looked at using OAuth for authentication? There are numerous OAuth providers, and using them removes the largest possible problem from the app.
It's built for PythonAnywhere because it shouldn't run on Wikimedia servers, because of the safe harbor DMCA provisions precluding editorial control by web hosts.
IMO it should be set up on Tool labs, where more people can play with it. It isnt editorial control if it uses logic to *identify* potential problems in content. That isn't exerting editorial control. Editorial decisions are being made by reviewers who are not the WMF webhost.
Have you looked at using OAuth for authentication?
Yes; the modules in use support OAuth but we made a conscious decision to support anonymity. Lack of anonymity can interfere with the operation of the reviewer reputation database.
On Tuesday, January 12, 2016, James Salsman jsalsman@gmail.com wrote:
An Outreachy candidate for http://mediawiki.org/wiki/Accuracy_review who went ahead and started unpaid has been making good progress, and is about to land the central guts of the project on github. It's a new way to transition from creating to maintaining Wikipedia articles, with an emphasis on detecting outdated statistics, fighting bias including paid advocacy of all kinds, and proofreading WEP student work. It's been going slow, mostly because the original trial run architecture was too dependent on email.
However, before she gets there, could one or two people who are maybe beginner or intermediate with Python but advanced with Mediawiki or PHP please test her user authentication and login framework?
https://github.com/priyankamandikal/wikireview/ https://github.com/priyankamandikal/wikireview/issues
It's built for PythonAnywhere because it shouldn't run on Wikimedia servers, because of the safe harbor DMCA provisions precluding editorial control by web hosts. Please report any issues on github and note your results on the Phabricator task to prevent duplication of effort.
Thanks in advance!
Best regards, Jim Salsman
On Tue, Jan 19, 2016 at 4:22 PM, James Salsman jsalsman@gmail.com wrote:
Have you looked at using OAuth for authentication?
Yes; the modules in use support OAuth but we made a conscious decision to support anonymity. Lack of anonymity can interfere with the operation of the reviewer reputation database.
I'd love to read the background discussion that led to that decision.
Could you identify which part of MediaWiki's OAuth implementation has unacceptable problems regarding anonymity?
If you are setting high standards/promises in that regard, your alternative implementation of user authentication will need to be extremely carefully written (as will your entire codebase need very good security auditing).
Have you looked at using OAuth for authentication?
Yes; the modules in use support OAuth but we made a conscious decision to support anonymity. Lack of anonymity can interfere with the operation of the reviewer reputation database.
I'd love to read the background discussion that led to that decision.
Here is the pertinent excerpt:
"I would prefer to have text presented to reviewers anonymously. While we can and do make reputation decisions about particular users, wikipedia editing is generally pseudonymous with little control over identity and password security. There are already tools for addressing user-oriented issues. All of the accuracy review contemplated in the original assignment assumes that review is anonymous so that reviewers can not be influenced by, e.g., commercial loyalties or bribery."
Could you identify which part of MediaWiki's OAuth implementation has unacceptable problems regarding anonymity?
Let me think about that and respond later, please. Upgrading to do that might be more configuration than re-coding.
If you are setting high standards/promises in that regard, your alternative implementation of user authentication will need to be extremely carefully written (as will your entire codebase need very good security auditing).
Hence my request for people to have a look at it. The Python Flask default login system is being used.
wikitech-l@lists.wikimedia.org