Last modified: 2014-08-27 17:05:26 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T68226, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 66226 - Review and deploy the "In other projects sidebar" beta feature (part of Wikibase extension)
Review and deploy the "In other projects sidebar" beta feature (part of Wikib...
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Extension setup (Other open bugs)
wmf-deployment
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on: 66849 66850
Blocks: 31235
  Show dependency treegraph
 
Reported: 2014-06-05 22:59 UTC by Greg Grossmeier
Modified: 2014-08-27 17:05 UTC (History)
12 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Greg Grossmeier 2014-06-05 22:59:55 UTC
https://www.mediawiki.org/wiki/Wikibase/Beta_Features/Other_projects_sidebar

https://www.mediawiki.org/wiki/Extension:Wikibase_Client

== Checklist ==
=== Done ===
# Create Extension: mediawiki.org page for developers and people who will install or configure the extension.
# Create Help:Extension: mediawiki.org page for the end user documentation. Cross-link it with the above.
# Request a component in [[Bugzilla]].
# Get the extension code in [[Gerrit]].

== Not Done ===
# Request (and respond to) a product review, if applicable (''more to come here...'')
# Request (and respond to) a [[WMF Project Design Review Process|design review]], if applicable.
# Request (and respond to) a performance review
# Request (and respond to) a security review
# Show community support/desire for the extension to be deployed, if applicable.


Note: This is already enabled on FR Wikisource.
Comment 1 Lydia Pintscher 2014-06-12 15:08:00 UTC
I have added it to the deployment calendar for June 24th.
Comment 2 Quiddity 2014-06-17 06:16:09 UTC
(In reply to Lydia Pintscher from comment #1)
> I have added it to the deployment calendar for June 24th.

I've added it to https://www.mediawiki.org/wiki/Beta_Features/New_Features
and added an infobox at https://www.mediawiki.org/wiki/Wikibase/Beta_Features/Other_projects_sidebar

@Greg: Is this ready to go otherwise?  (I'm guessing that it doesn't need a separate security/performance review, as it's part of the existing deployed extension?)

@TPT or Lydia: When will this be available at beta.wmflabs? http://en.wikipedia.beta.wmflabs.org/wiki/Special:Preferences#mw-prefsection-betafeatures - It needs to be there for a week, before it can start to ride the deployment train, per https://www.mediawiki.org/wiki/Beta_Features/Package#Release_Requirements

CCing James Forrester, as Beta Features PM.
Comment 3 Lydia Pintscher 2014-06-17 10:34:42 UTC
Deployment to beta is waiting on the merge of two patches by Tpt. It is hard to give a date for that atm but I will hurry it up.
Comment 4 Jared Zimmerman (WMF) 2014-06-17 19:11:18 UTC
While not a requirement, it would be useful for the clickthroughs on these links to be instrumented so that we can make a data informed decision about whether to promote the feature to stable later.
Comment 5 Jared Zimmerman (WMF) 2014-06-17 19:12:03 UTC
Also, can the preliminary security and performance review bugs be linked to this one please.
Comment 6 Greg Grossmeier 2014-06-17 21:40:46 UTC
(In reply to Quiddity from comment #2)
> @Greg: Is this ready to go otherwise?  (I'm guessing that it doesn't need a
> separate security/performance review, as it's part of the existing deployed
> extension?)

There is a line that needs to be drawn in the proverbial sand:

At what point does adding new features to an extension require a new security/perf review?

I don't know the answer to that, and mostly go with my gut right now (you can usually get a pretty good idea from how people talk about the features etc).

Can someone familiar with the code comment on the data flow for this? Where is it getting data from? How is it displaying it? Does it sanitize itself? How is the data modified? etc


(In reply to Jared Zimmerman (WMF) from comment #5)
> Also, can the preliminary security and performance review bugs be linked to
> this one please.

Agreed. Can the person who responds to my above question (Lydia? Tpt?) file the two bugs, please. Make them blockers of this bug. If they're (the reviews) easy/quick, that's even better.


(In reply to Lydia Pintscher from comment #3)
> Deployment to beta is waiting on the merge of two patches by Tpt. It is hard
> to give a date for that atm but I will hurry it up.

It needs to be on the beta cluster before it can go to production. We try to have it there for at least 1 week (7ish days) before.
Comment 7 Kunal Mehta (Legoktm) 2014-06-17 22:01:01 UTC
(In reply to Greg Grossmeier from comment #6)
> (In reply to Quiddity from comment #2)
> > @Greg: Is this ready to go otherwise?  (I'm guessing that it doesn't need a
> > separate security/performance review, as it's part of the existing deployed
> > extension?)
> 
> There is a line that needs to be drawn in the proverbial sand:
> 
> At what point does adding new features to an extension require a new
> security/perf review?
> 
> I don't know the answer to that, and mostly go with my gut right now (you
> can usually get a pretty good idea from how people talk about the features
> etc).

Well, given that the actual code that generates these links was merged in Feburary (and already enabled on a WMF site), it's a bit late for a security review. The amount of code added in If8706343136ca25c0967aad3a8451283330d636f is extremely small compared to the size of the extension, and doesn't warrant a specialized review IMO.

> Can someone familiar with the code comment on the data flow for this? Where
> is it getting data from? How is it displaying it? Does it sanitize itself?
> How is the data modified? etc

I don't understand why this is necessary?

But, it gets the data from the database, and formats it according to how the core hook wants it, which handles the display part. This is all done in Wikibase/client/includes/hooks/OtherProjectsSidebarGenerator.php.

> (In reply to Jared Zimmerman (WMF) from comment #5)
> > Also, can the preliminary security and performance review bugs be linked to
> > this one please.
> 
> Agreed. Can the person who responds to my above question (Lydia? Tpt?) file
> the two bugs, please. Make them blockers of this bug. If they're (the
> reviews) easy/quick, that's even better.
> 

As stated above, I don't think security/performance reviews are necessary. HTH.
Comment 8 Greg Grossmeier 2014-06-17 22:11:47 UTC
(In reply to Kunal Mehta (Legoktm) from comment #7)
> Well, given that the actual code that generates these links was merged in
> Feburary (and already enabled on a WMF site), it's a bit late for a security
> review. The amount of code added in
> If8706343136ca25c0967aad3a8451283330d636f is extremely small compared to the
> size of the extension, and doesn't warrant a specialized review IMO.

Saying something bypassed the process is not a reason for it not to follow the process. # of lines also isn't (inherently) an indicator of security risk.

> > Can someone familiar with the code comment on the data flow for this? Where
> > is it getting data from? How is it displaying it? Does it sanitize itself?
> > How is the data modified? etc
> 
> I don't understand why this is necessary?

They were questions to get an idea of how well security was thought about during the development of the feature.
Comment 9 Greg Grossmeier 2014-06-20 04:59:11 UTC
Just a nit-pick (as I'm updating the calendar, getting all the links lined up):

This new beta feature should be linked on the Beta Features page on the day of. And should it live under mw.org/Wikibase/ or under mw.org/Beta_Features/ ?

<unimportant nit picks />
Comment 10 Kunal Mehta (Legoktm) 2014-06-20 05:06:56 UTC
(In reply to Greg Grossmeier from comment #9) 
> This new beta feature should be linked on the Beta Features page on the day
> of. And should it live under mw.org/Wikibase/ or under mw.org/Beta_Features/
> ?

Put it under Beta Features/ to standardize with all the others. If people get confused, a redirect under Wikibase/ could be created.
Comment 11 Greg Grossmeier 2014-06-20 20:49:39 UTC
(In reply to Kunal Mehta (Legoktm) from comment #10)
> (In reply to Greg Grossmeier from comment #9) 
> > This new beta feature should be linked on the Beta Features page on the day
> > of. And should it live under mw.org/Wikibase/ or under mw.org/Beta_Features/
> > ?
> 
> Put it under Beta Features/ to standardize with all the others. If people
> get confused, a redirect under Wikibase/ could be created.

{{DONE}}
Comment 12 Jared Zimmerman (WMF) 2014-06-24 19:02:48 UTC
Is this testable on a public labs instance yet? like http://en.wikipedia.beta.wmflabs.org/
Comment 13 Lydia Pintscher 2014-06-25 13:16:16 UTC
(In reply to Jared Zimmerman (WMF) from comment #12)
> Is this testable on a public labs instance yet? like
> http://en.wikipedia.beta.wmflabs.org/

No but you can try out the non-beta-feature version at https://fr.wikisource.org/wiki/Britannicus for example.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links