Adding extensions under packagist's "mediawiki" vendor

List overview All Threads
Download

newer

older

Brad Jorsch -> Senior Software...

Min php version

Daniel Werner

21 Jul 2015 21 Jul '15

11:52 a.m.

Hi, I'd like to add my extension https://github.com/DanweDE/mediawiki-ext-UserBitcoinAddresses as "mediawiki/user-bitcoin-addresses" in packagist. When trying to do so, packagist states I should ask someone with the proper rights to maintain the "mediawiki" vendor. I have read up on https://www.mediawiki.org/wiki/Manual:Developing_libraries#Packagist_guidel… And I wrote two of the guys listed to have access to the "mediawiki" vendor account but I am not sure I am getting a reply so I thought I'd also try it through this channel. Any advice how I'd get my GitHub repo on packagist under the "mediawiki" vendor would be highly appreciated. Cheers, Daniel

Show replies by date

Bryan Davis

21 Jul 21 Jul

7:29 p.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

On Tue, Jul 21, 2015 at 6:52 AM, Daniel Werner <daniel.a.r.werner(a)gmail.com> wrote:

...

Migrate the origin repository to the Wikimedia gerrit hosting where the MediaWiki developer community has access to fix security issues and I'll be glad to make sure that Packagist integration is setup properly from there. You are of course free to publish your extension under your own vendor prefix, but if you want to take advantage of the MediaWiki vendor prefix the MediaWiki community needs to be be able to assert some measure of control over the published package. On a semi-related note, use of autoload.files to register an extension with MediaWiki after installation via Composer should be considered a deprecated feature [0]. [0]: https://phabricator.wikimedia.org/T467#1464482 Bryan -- Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org> [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855

Gergo Tisza

8:30 p.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

On Tue, Jul 21, 2015 at 2:29 PM, Bryan Davis <bd808(a)wikimedia.org> wrote:

...

That could also be done via a Wikimedia organization on GitHub, if we don't want to force specific workflows on developers. Although it certainly makes life easier if all "official" extensions share the same code review and CI infrastructure.

Jeroen De Dauw

10:42 p.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

Hey Bryan, What exactly justifies such an authoritarian "need to go though some permission process" setup? Exactly what problems are we currently seeing? I'm very sceptical about such an approach. Sure you can say things such as that I'd be nice for other people to have access. The reality is that most people don't care about most extensions and that a lot of them end up being unmaintained and very low quality to begin with. Telling volunteers they should go follow a process they do not want to follow and that they should use a code hosting service they do not want to use has its down sides. This was also not done in the past. You did not need approval to create a "certified MediaWiki extension" or something like that. Cheers -- Jeroen De Dauw - http://www.bn2vs.com Software craftsmanship advocate Developer at Wikimedia Germany ~=[,,_,,]:3

Bryan Davis

10:57 p.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

On Tue, Jul 21, 2015 at 5:42 PM, Jeroen De Dauw <jeroendedauw(a)gmail.com> wrote:

...

As of https://github.com/composer/packagist/issues/163#issuecomment-99673878 Packagist itself has created this restriction of vendor namespaces actually indicating some level of ownership. A vendor is a supplier of a good or service. Publishing something as mediawiki/* is explicitly claiming affiliation with the MediaWiki open source project. As such it seems not unreasonable to ensue that projects claiming to be supplied by the MediaWiki community actually are indeed serviceable by that community. Note that there is no form of restriction for publishing a package that provides a MediaWiki extension or other related functionality under another namespace. I would certainly welcome an RfC discussion of the current policy and a potential replacement. From my point of view, use of the MediaWiki brand implies endorsement by the MediaWiki community and thus should only be easily available to projects that are able to be contributed to and managed by that community. If for example a serious security flaw was found in a mediawiki/foo package on Packagist the community should be empowered to fix it. Bryan -- Bryan Davis Wikimedia Foundation <bd808(a)wikimedia.org> [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855

Mark A. Hershberger

22 Jul 22 Jul

12:37 a.m.

New subject: Standardizing extension development practices

Bryan Davis <bd808(a)wikimedia.org> writes:

...

On Tue, Jul 21, 2015 at 5:42 PM, Jeroen De Dauw <jeroendedauw(a)gmail.com> wrote: > What exactly justifies such an authoritarian "need to go though some > permission process" setup? Exactly what problems are we currently > seeing?

...

I would certainly welcome an RfC discussion of the current policy and a potential replacement. From my point of view, use of the MediaWiki brand implies endorsement by the MediaWiki community and thus should only be easily available to projects that are able to be contributed to and managed by that community. If for example a serious security flaw was found in a mediawiki/foo package on Packagist the community should be empowered to fix it.

This discussion is at least tangentially related to the IdeaLab project that Chris Koerner and I formulated at Wikimania: https://meta.wikimedia.org/wiki/Grants:IdeaLab/Making_Gerrit_access_easier_… There are benefits to using the Gerrit.w.o -- the git repository that most MW-experienced developers are using, and where they have rights to upgrade code (e.g. the i18n conversion to json) -- instead of Github, Assembla, Kiln, or Bitbucket. We've done a poor job of explaining the benefits, though, and, more than that, providing an infrastructure that developers not deeply involved with the WMF can use, though. I invite your comments on the IdeaLab proposal page. Maybe it means improving MediaWiki support for developers on GitHub, but if that is the route we go, then we need to figure out a way to do that. Mark. -- Mark A. Hershberger NicheWork LLC 717-271-1084

Daniel Werner

8:58 a.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

Thank you folks! I guess I wasn't logged in when I first tried. It works fine now [0]. Anyhow, I am with Gergo and Jeroen on the issue of code hosting and I chose to use GitHub. I also have lots of extensions on WM's facilities and won't change that in the near future but I am switching to GitHub as I am maintain more and more also non-MW related packages there and I feel like it is less troublesome even though I have also worked on Gerrit for 19 months on a daily basis when working as part of the Wikidata team. Also, some of the biggest MW extensions such as "Semantic MediaWiki" and "Maps" seem to be hosted on GitHub already and I can not see how they would lack any support from our community in terms of contributions. Cheers, Daniel [0]: https://packagist.org/packages/mediawiki/user-bitcoin-addresses On 22 July 2015 at 00:57, Bryan Davis <bd808(a)wikimedia.org> wrote:

...

On Tue, Jul 21, 2015 at 5:42 PM, Jeroen De Dauw <jeroendedauw(a)gmail.com> wrote:

that I'd be nice for other people to have access. The reality is that

most

people don't care about most extensions and that a lot of them end up

being

unmaintained and very low quality to begin with. Telling volunteers they should go follow a process they do not want to follow and that they

should

use a code hosting service they do not want to use has its down sides.

This

was also not done in the past. You did not need approval to create a "certified MediaWiki extension" or something like that.

Federico Leva (Nemo)

2:13 p.m.

Gerrit is too unpredictable for users: https://phabricator.wikimedia.org/T86476#1462980 . It's probably easier and more functional to create some "mediawiki-users" vendor on packagist and let any MediaWiki sysadmin (not developer) join to add the packages they need for whatever reason. Nemo

Chad

3:04 p.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

On Wed, Jul 22, 2015 at 7:13 AM Federico Leva (Nemo) <nemowiki(a)gmail.com> wrote:

...

Forcing people to use Gerrit is quite possibly a violation of the Geneva Convention. -Chad

Antoine Musso

23 Jul 23 Jul

8:52 p.m.

New subject: Adding extensions under packagist's "mediawiki" vendor

Le 22/07/2015 16:13, Federico Leva (Nemo) a écrit :

...

About https://gerrit.wikimedia.org/r/#/c/225663/ which states:

...

Revert "Convert to globals and add composer support" The RfC for adding composer support for extensions was declined. We should not be adding composer support to more extensions.

Which removes: https://gerrit.wikimedia.org/r/#/c/190027/14/composer.json,unified And honestly I am confused. From my understanding we wanted to come in a position where we use composer to download the packages and resolve the dependencies then the extension loader, potentially having the extension loader as a composer plugin. -- Antoine "hashar" Musso

3223

days inactive

3225

days old

wikitech-l@lists.wikimedia.org

Manage subscription

9 comments

8 participants

tags (0)

participants (8)

Antoine Musso
Bryan Davis
Chad
Daniel Werner
Federico Leva (Nemo)
Gergo Tisza
Jeroen De Dauw
Mark A. Hershberger