Thanks, Dan... I was going to ask about that, too. I don't understand well
enough what is and isn't visible in the API, but I will say that if the API
is linking an action (i.e., suppression) to a user (i.e. the specific
oversighter) I *do* have a problem with it; we've had experience in the
past with people actively harassing oversighters because of legitimate
suppressions they've carried out, and perhaps this is exactly how they've
found out it was Oversighter A who did that particular suppression.
Risker/Anne
On 9 December 2014 at 14:01, Dan Garry <dgarry(a)wikimedia.org> wrote:
Speaking from my experience as an oversighter, I find
it a bit strange that
when you oversight something, information that is hidden in the UI is not
hidden in the API. That notwithstanding, there is nothing particularly
private about the information that is shown in the API only (i.e. the type
of the action), but I found it strange.
I also find it strange that the fact that this information is still
available via the API is not mentioned in the interface. I've been an
oversighter for many, many years, and I never knew that this information
could be retrieved via the API.
Personally, I prefer the way things are after Chris's change. It makes the
UI and API more consistent with each other.
That said, given that there is no particularly private information given
out in the API response, I don't think it's worth complaining about Brad's
patch. It's not the way I'd prefer it to be, but it doesn't personally
strike me as overtly incorrect or as causing any real problems.
Dan
On 1 December 2014 at 17:30, Chris Steipp <csteipp(a)wikimedia.org> wrote:
Hi list,
I wanted to get some feedback about
https://phabricator.wikimedia.org/T74222.
In the last security release, I changed the return of the api to remove
the
"action" for log entries that had been
revdeleted with "Hide action and
target". However, ever since 2009 / r46917, we've assumed that "Hide
action
and target" didn't mean the actual
action field in the db, but rather the
target and the text of the message about the action, which might include
other parameters. So the message about what's being hidden and the
intended
protection of that option could have slightly
different interpretations.
I'd like to hear if anyone has intended for the actual log action to be
deleted / suppressed. If not, I'm happy to revert the recent patch, and
we'll just update the wording in the deletion UI to be more clear about
what is being removed.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
--
Dan Garry
Associate Product Manager, Mobile Apps
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l