[04:58:45] <CosmicAlpha>	 reception123, I thought the plan was to automate it entirely? In which case ssl-certificate.py would be made redundant for the automate stuff would not use it exactly would be different.
[04:59:14] <CosmicAlpha>	 @reception123 ^
[06:36:02] <MirahezeRelay>	 <reception123> @cosmicalpha oh I see, I thought it would still automatically run ssl-certificate
[06:37:17] <MirahezeRelay>	 <cosmicalpha, replying to reception123> Now that I think about it maybe it would in a way very similar to how icinga runs ssl renewals with the webhook. My version that I drafted for it initially was based off the icinga one...
[06:38:14] <MirahezeRelay>	 <reception123, replying to cosmicalpha> Yeah, Rhinos also suggested we use the icinga checks for CNAME and NS
[06:38:24] <MirahezeRelay>	 <cosmicalpha> But domain check being in RequestSSL makes sense so it can like comment on the or control the UI from RequestSSL.
[06:38:56] <MirahezeRelay>	 <cosmicalpha> It gives more MW control.
[22:36:01] <MirahezeRelay>	 <rhinosf1> @.labster I will write my ideas out properly soon
[22:36:21] <MirahezeRelay>	 <rhinosf1> It's kind of inspired by WMF security's new tool but less wmfy
[22:36:32] <MirahezeRelay>	 <rhinosf1> And more suited to us
[22:36:53] <MirahezeRelay>	 <.labster> Hey, it's always a good idea to use tools available to us.
[22:37:13] <MirahezeRelay>	 <.labster> At the very least we could have the humans doing reviews assign a rating.
[22:37:24] <MirahezeRelay>	 <rhinosf1> @.labster one of my main things is no extension is risk free. Every time we install an extension we accept a risk but we don't monitor or track that in anyway.
[22:37:37] <MirahezeRelay>	 <rhinosf1> Humans would assign a rating
[22:37:48] <MirahezeRelay>	 <.labster> We also take a risk when we install MW upgrades.
[22:38:17] <MirahezeRelay>	 <rhinosf1> We'd record an automated score (which assigns a provisional rating), humans will record their score from their review, system will then output a combined score.
[22:38:26] <MirahezeRelay>	 <rhinosf1> Which will then give you a risk rating
[22:38:51] <MirahezeRelay>	 <rhinosf1> The risk ratings are likely to be dynamic and based on our current overall risk
[22:39:27] <MirahezeRelay>	 <.labster, replying to rhinosf1> this sounds like management-speak
[22:39:59] <MirahezeRelay>	 <rhinosf1, replying to .labster> Part of my job is writing risk assessments and standard operating procedures for the public sector
[22:40:33] <MirahezeRelay>	 <.labster> It's something that sounds like it has meaning but doesn't to me.
[22:41:00] <MirahezeRelay>	 <rhinosf1> To which someone tried to write in procedures for going to the loo in a standard operating procedure which had me and the senior reviewer laughing a lot
[22:41:22] <MirahezeRelay>	 <rhinosf1> We can not find a UK government policy on going to the toilet while at work
[22:41:40] <MirahezeRelay>	 <rhinosf1> I may have spent a good ten minutes laughing at that
[22:42:34] <MirahezeRelay>	 <rhinosf1, replying to .labster> It's not just management speak. It should give a better oversight of how well maintained the extensions we make available are and if they meet security standards.
[22:42:45] <MirahezeRelay>	 <rhinosf1> And if generally things are getting better or worse
[22:43:24] <MirahezeRelay>	 <notaracham> ```So if an extension that was running phan & developed by a WMF staff by theirselves suddenly had CI turned off and someone with no experience take over, it could also tell you that there's been a significant change since install``` this part in particular is interesting and a gap today, as I udnerstand it.
[22:43:54] <MirahezeRelay>	 <rhinosf1> Which will allow us to tell if an extension which was once really good changed rating because we changed the criteria and a bunch of extensions did (hence, the overall rating for the farm changes too) or if that extension has had a change
[22:44:14] <MirahezeRelay>	 <rhinosf1, replying to notaracham> Once an extension is installed, we currently perform zero reviews after that point.
[22:44:19] <MirahezeRelay>	 <rhinosf1> That may change
[22:44:48] <MirahezeRelay>	 <notaracham> That'd be nice, I forget which one but there was an extension that got radically rewritten in a recent release and we had to disable globally.
[22:44:51] <MirahezeRelay>	 <rhinosf1> If circumstances indicate an extension that previously should have needed minimal oversight suddenly started posing a much higher risk
[22:45:31] <MirahezeRelay>	 <rhinosf1> Rewrites alone won't decrease the score but a change in maintainers, CI rules, outputs of some scanning tools will
[22:46:55] <MirahezeRelay>	 <rhinosf1> Change in maintainers will be based on if they are WMF staff, trusted by us or have mediawiki +2
[22:47:16] <MirahezeRelay>	 <rhinosf1> Likely
[22:47:26] <MirahezeRelay>	 <rhinosf1> Now off to sleep
[22:47:35] <MirahezeRelay>	 <.labster> Sounds all pretty good
[22:47:38] <MirahezeRelay>	 <.labster> Have a good sleep
[23:03:51] <MirahezeRelay>	 <cosmicalpha> @.labster moving here, but re #general can't think of anythubf exactly right now, I do find it funny the DPL3 I maintain is used by Fandom also now, so they do PRs every once in a while to fix things also lol
[23:04:44] <MirahezeRelay>	 <.labster> Are they still hosting the documentation on the old gamepedia wiki?
[23:05:13] <MirahezeRelay>	 <cosmicalpha, replying to .labster> <https://help.fandom.com/wiki/Extension:DPL3/Manual>
[23:06:03] <MirahezeRelay>	 <.labster> Shall we move that over here so we're not relying on an archived wiki that may be accidentally closed?
[23:06:44] <MirahezeRelay>	 <raidarr> having a mirror for that, portableinfoboxes and perhaps whatever of use would be nice
[23:06:53] <MirahezeRelay>	 <raidarr> always meant to have a miraheze pi guide especially
[23:07:11] <MirahezeRelay>	 <pixldev> prob
[23:07:11] <MirahezeRelay>	 <.labster> [1/5] ```brent@MacBook-Pro ~/c/WikiDiscover (master)> man php
[23:07:11] <MirahezeRelay>	 <.labster> [2/5] No manual entry for php
[23:07:12] <MirahezeRelay>	 <.labster> [3/5] brent@MacBook-Pro ~/c/WikiDiscover (master) [1]> php
[23:07:12] <MirahezeRelay>	 <.labster> [4/5] fish: Unknown command: php```
[23:07:12] <MirahezeRelay>	 <.labster> [5/5] /me dies 😵
[23:07:13] <MirahezeRelay>	 <cosmicalpha> Not sure if that has some of the new features I added either. So I've been thinking of documenting a lot of it using GH wikis function but we could port somewhere else. There is also dpl3.wikitide.org
[23:07:38] <MirahezeRelay>	 <notaracham> There's a nice tidy pin in general with links to all the most important PI stuff on fandom.
[23:07:48] <MirahezeRelay>	 <raidarr> the problem is the fandom bit
[23:08:02] <MirahezeRelay>	 <pixldev, replying to cosmicalpha> still has the boilerplate mainpage
[23:08:10] <MirahezeRelay>	 <raidarr> I wonder if it would be permissible to just mirror them or if they have to be rewritten to a degree
[23:08:33] <MirahezeRelay>	 <raidarr> fandom's license is 'similar' but I know it had some quirks
[23:08:42] <MirahezeRelay>	 <originalauthority> They're under CCBYSA on Fandom aren't they?
[23:08:47] <MirahezeRelay>	 <cosmicalpha, replying to pixldev> lol anyway <https://dpl3.wikitide.org/wiki/Special:AllPages> there are pages...
[23:09:13] <MirahezeRelay>	 <.labster> Oddly it's CC-BY-NC-SA
[23:09:18] <MirahezeRelay>	 <raidarr> I know that's the gist of the license but they did other stuff I'm not 100% caught up on, something to guarantee before things are pulled over
[23:09:45] <MirahezeRelay>	 <.labster> So the fact they're running ads there is copyvio
[23:09:58] <MirahezeRelay>	 <raidarr> I think that's where they may have modified it
[23:10:18] <MirahezeRelay>	 <raidarr> surely they're not just running a straight copy and then doing commercial advertising
[23:11:11] <MirahezeRelay>	 <originalauthority> I assume it's just a left over license from Gamepedia.
[23:12:16] <MirahezeRelay>	 <.labster> Yes, but it doesn't change that Fandom doesn't have a license to host it, because their license can easily be terminated by copyvio
[23:12:34] <MirahezeRelay>	 <originalauthority> not disagreeing
[23:13:04] <MirahezeRelay>	 <originalauthority> in some respect they could argue they are just using the funds generated by that particular wiki to sustain that wiki and aren't making any commercial gain off it which is probably in complaince.
[23:13:36] <MirahezeRelay>	 <pixldev, replying to .labster> you saying we can sue em?
[23:14:11] <MirahezeRelay>	 <raidarr> if miraheze cancels the new servers and shortens its timeline of life to months so it can show up in a court for a little bit, then yes
[23:18:20] <MirahezeRelay>	 <.labster, replying to pixldev> You can if you helped to write the documentation, yes.
[23:18:36] <MirahezeRelay>	 <.labster> You have to be a copyright holder though.
[23:18:41] <MirahezeRelay>	 <pixldev> hm
[23:18:50] <MirahezeRelay>	 <pixldev> is the miraheze time machine workin
[23:19:09] <MirahezeRelay>	 <.labster> Of course, Sherman
[23:45:05] <MirahezeRelay>	 <.labster> Does CreateWiki support Postgres?
[23:58:30] <MirahezeRelay>	 <.labster> what the heck is `wiki_url` in cw_wikis and why is it nullable?