[00:20:17] <MirahezeRelay>	 <pixldev, replying to pixldev> Side note, is CL a nice to have position or a “ we’d REEEEEAAAALLLYYY rather have one then not”?
[01:44:57] <MirahezeRelay>	 <m3w, replying to pixldev> looking at the staff page at meta, what is the difference between steward vs global sysop? seems like overlap honestly
[01:46:31] <PixDeVl>	 Oh don't worry
[01:46:47] <PixDeVl>	 We are planning to make them even more the same
[01:47:15] <PixDeVl>	 In it's current form GS is very CVT
[01:47:31] <MirahezeRelay>	 <notaracham> (this is partly jokes, to clarify)
[01:47:35] <PixDeVl>	 A global sysop
[01:47:37] <MirahezeRelay>	 <m3w> perhaps Community Liaison should be removed from Tech:Organization and kept as separate from both community and tech roles, would make the separation clear
[01:47:59] <MirahezeRelay>	 <m3w, replying to PixDeVl> then that's an overlap to merge users of both roles
[01:48:19] <MirahezeRelay>	 <m3w> i'm looking at the surface here
[01:48:59] <MirahezeRelay>	 <notaracham> There's a place for a superset of CVT roles, there's a place for advanced 'get well'/local project health roles
[01:49:02] <PixDeVl>	 It's meant to become a mini steward iirc, doing some basic non policy related stuff on noticeboards like SR/UD(where content policy is not involved) restricted changes
[01:49:23] <PixDeVl>	 Steward are still the global enforces of all global policy
[01:49:32] <MirahezeRelay>	 <notaracham> Thing is, we've got folks with different expertise and interest in duties for a currently nebulous rile
[01:49:39] <PixDeVl>	 the community leader figures the fanciest of hats
[01:49:43] <PixDeVl>	 rile?
[01:49:46] <PixDeVl>	 thats a new one
[01:50:02] <MirahezeRelay>	 <notaracham> Typo that edits don't carry to irc
[01:50:19] <PixDeVl>	 ah
[01:50:29] <MirahezeRelay>	 <notaracham> Just imagine it says role
[01:50:30] <PixDeVl>	 role?
[01:50:33] <PixDeVl>	 ah
[01:51:47] <PixDeVl>	 @m3w I don't think CL is enough to need it's own page and can't think of a great community page for it so T:ORG is prob best imho
[01:52:18] <MirahezeRelay>	 <m3w> going to be a bit honest here, it seems some issues were born from trying to implement similar to wikipedia instead of trying to set up something that matches skills, experience, and actual needs
[01:52:36] <MirahezeRelay>	 <m3w, replying to PixDeVl> I mean to move it back to Organisation as a separate section
[01:52:46] <MirahezeRelay>	 <notaracham> Still mulling on the future state, but we've finally got the tech and financial breathing room to ideate, and that's a very excellent place to to be.
[01:52:55] <PixDeVl>	 Ah
[01:53:07] <MirahezeRelay>	 <m3w> I mean why would a bridge role be listed under tech org?
[01:53:25] <PixDeVl>	 @notaracham +1 to that!
[01:53:26] <MirahezeRelay>	 <m3w> that just makes it lean more technical than say a press officer/communicator
[01:53:33] <MirahezeRelay>	 <notaracham> Despite turmoil, I'm glad we've gotten here and the ideas being generated are exciting
[01:53:35] <PixDeVl>	 Eh it's fine imo
[01:53:38] <PixDeVl>	 Agreed
[01:53:50] <PixDeVl>	 Even with the ufortunate loss on the way:(
[01:53:57] <PixDeVl>	 (agent :sob:)
[01:54:12] <PixDeVl>	 ;(
[01:54:21] <PixDeVl>	 anyways
[01:54:26] <PixDeVl>	 What's done is done.
[01:54:33] <MirahezeRelay>	 <m3w, replying to notaracham> to this point, I have spoken with both infrastructure folks and both have confidence at being able to take in large wikis in the millions of page traffic on current systems
[01:55:05] <MirahezeRelay>	 <m3w> on that point, the more mature communities that join would boost Miraheze in reputation and potentially in donations
[01:55:18] <MirahezeRelay>	 <notaracham> We're in a great position on capacity, to a point, yes.
[01:55:26] <PixDeVl>	 As unfortunate as it is it's more unfortunate to bitch and moan bout it. We move on, we live with and learn from our mistakes, and we work on making the best farm and community we can.
[01:56:25] <MirahezeRelay>	 <m3w> think from an outsider's perspective, believe I can effectively point out policies that are ineffective or lacking [such as a gap], improvements to overall org structure
[01:56:48] <PixDeVl>	 Like what?
[01:58:37] <MirahezeRelay>	 <m3w> [1/4] since i've been banging on dormancy
[01:58:37] <MirahezeRelay>	 <m3w> [2/4] - wikis that are zombies or completely abandoned can either be deleted outright, listed on open for adoption with detail plan
[01:58:37] <MirahezeRelay>	 <m3w> [3/4] - handling "wikis open for adoption"
[01:58:38] <MirahezeRelay>	 <m3w> [4/4] - wiki requesters who resign or request GDPR where no community formed -> deleted outright
[01:59:03] <PixDeVl>	 hm
[01:59:24] <PixDeVl>	 I think for the last one leaving that to DP is fin
[01:59:40] <PixDeVl>	 are we still using https://meta.miraheze.org/wiki/Talk:Miraheze_Volunteering_Opportunities#Call_for_volunteers_for_SRE_roles for 'applications'?
[01:59:43] <MirahezeRelay>	 <notaracham> We did recently tighten DP on zombies
[01:59:59] <MirahezeRelay>	 <notaracham> Or zero edit ones, at least
[02:00:05] <MirahezeRelay>	 <m3w> [1/2] if there's nobody there and the requesting person quits, why let DP handle it. 
[02:00:05] <MirahezeRelay>	 <m3w> [2/2] note the script is not functional
[02:00:10] <PixDeVl>	 Although I think we still need to actually update the script yeaaaaaa
[02:00:18] <MirahezeRelay>	 <notaracham> Still some refinement possible, though
[02:01:18] <PixDeVl>	 Reception recommended I try my hand at it but CA said 'mate even I don't understand 80% of this shit i'd stay far away'
[02:02:13] <MirahezeRelay>	 <notaracham> Some of these dormancy handling ideas are interesting but given limited human bandwidth thought on how to limit manual touch would be needed.
[02:02:36] <MirahezeRelay>	 <notaracham> Thanks for your outside perspective, M3w!
[02:02:41] <MirahezeRelay>	 <m3w> [1/5] ^i'm planning a replacement script based on my draft proposal
[02:02:42] <MirahezeRelay>	 <m3w> [2/5] in terms of contacting, i'm drawing up a script to better inform such as
[02:02:42] <MirahezeRelay>	 <m3w> [3/5] - using mass message to all active users
[02:02:42] <MirahezeRelay>	 <m3w> [4/5] - idk if retrieving bcrat/admin emails to mass email isn't a violation of GDPR unless privacy or global policy grants Miraheze to send automated messages for legit purposes. There is massemail extension and appears approved
[02:02:43] <MirahezeRelay>	 <m3w> [5/5] I have preliminary sql queries to get the points possible for automation
[02:03:14] <MirahezeRelay>	 <m3w> in the end, its dead weight dragging around
[02:03:17] <PixDeVl>	 I think we email crats on deletion
[02:03:52] <MirahezeRelay>	 <notaracham> Even if implementation as suggested isn't feasible, reviewing candidates still good food for thought for future solutions
[02:03:54] <MirahezeRelay>	 <m3w> I haven't read ToS to check if that's a consented activity, hope its in there
[02:04:46] <PixDeVl>	 Well active user seems weird to me
[02:04:50] <PixDeVl>	 if it's inacitve
[02:04:58] <PixDeVl>	 no active users
[02:05:21] <MirahezeRelay>	 <m3w, replying to notaracham> [1/4] the sql queries are for 
[02:05:22] <MirahezeRelay>	 <m3w, replying to notaracham> [2/4] - getting list of folks with admin or bcrat, active users
[02:05:22] <MirahezeRelay>	 <m3w, replying to notaracham> [3/4] - properly filtering recentchanges
[02:05:22] <MirahezeRelay>	 <m3w, replying to notaracham> [4/4] the rest can't be automated, would be manual reports that would be subject to policy related to requesting a wiki and expectations. there's a global policy, forget name
[02:05:26] <PixDeVl>	 I think emailing crats and admin is good
[02:06:05] <PixDeVl>	 Dormancy Policy Exemptios?
[02:06:59] <MirahezeRelay>	 <m3w> [1/5] here's the thing, if the following all return an empty set then just delete it. why wait the full period? waste of time
[02:07:00] <MirahezeRelay>	 <m3w> [2/5] - no one is in any local usergroup
[02:07:00] <MirahezeRelay>	 <m3w> [3/5] - active user list is empty
[02:07:00] <MirahezeRelay>	 <m3w> [4/5] - no activity [ignoring renames, registration, other global changes not relevant]
[02:07:01] <MirahezeRelay>	 <m3w> [5/5] if any is not empty, generate a report for stewards
[02:07:08] <MirahezeRelay>	 <notaracham> Maybe something fancy with DPL3 and read from a database-adjacent extension could be possible for generating lists of adoption eligible wikis
[02:07:30] <MirahezeRelay>	 <notaracham> With the right non PII bits exposed
[02:08:08] <MirahezeRelay>	 <m3w> I was thinking for script to write to a file and that gets emailed to stewards for them to review
[02:08:21] <MirahezeRelay>	 <notaracham> That's just blue sky thoughts for now, though.
[02:08:36] <MirahezeRelay>	 <m3w> no plans to over complicate it, the simpler it is; easier for others to fix or build upon
[02:08:45] <MirahezeRelay>	 <notaracham> Even with our expanded steward bench, time remains a premium
[02:09:11] <MirahezeRelay>	 <notaracham> Less volunteer hours needed for manual action, the better
[02:09:14] <PixDeVl>	 Maybe wiki creators could check and filter to stewards
[02:09:23] <MirahezeRelay>	 <m3w> ^could work too
[02:09:29] <MirahezeRelay>	 <notaracham> That might be worthwhile, yes
[02:09:38] <MirahezeRelay>	 <m3w> if its absolutely dead, its dead weight
[02:09:44] <MirahezeRelay>	 <notaracham> That's already in their wheelchair
[02:09:50] <MirahezeRelay>	 <notaracham> Oh jeezis
[02:10:15] <MirahezeRelay>	 <notaracham> *wheelhouse, goddamn autocorrect
[02:10:54] <PixDeVl>	 Also, any sort of instant deletion without notice and ample time is prob a bad idea. Assuming thats what you meant
[02:11:29] <MirahezeRelay>	 <m3w> as for overall roles across the board, my suggestion is don't look at wikipedia or even bulbapedia [recently slimed down]. think what the basic roles are needed and start there, try to merge roles that overlap or duties can be handed upstream
[02:11:59] <MirahezeRelay>	 <m3w, replying to PixDeVl> for recentchanges, i'm looking at 1000 results from past 30 or 60 days. can bump it to 90 days
[02:12:41] <MirahezeRelay>	 <m3w> if there is no rollback, sysop, bcrat + no active users listed + no relevant activity...that's dead weight
[02:13:22] <MirahezeRelay>	 <m3w> if someone requests a wiki and resigns, only person on wiki...why not delete it unless want to list it for adoption?
[02:13:39] <MirahezeRelay>	 <m3w> if someone requests a wiki, requests gdpr, was only person...why not just delete it?
[02:14:10] <MirahezeRelay>	 <m3w> at some point, certain situations are a waste of time for stewards or wiki creators
[02:16:31] <PixDeVl>	 The principle still stands imo
[02:18:20] <MirahezeRelay>	 <m3w> if it was 1 person who resigned or requested gdpr, that's explicit for wiki deletion
[02:18:51] <MirahezeRelay>	 <m3w> if are are active users, poke them
[02:20:30] <MirahezeRelay>	 <m3w> that reminds me, looking at the current board of directors...this lacks community roles. This is literally composed of SRE
[02:21:08] <PixDeVl>	 m3w
[02:21:26] <PixDeVl>	 You were literally just talking with one of the non SRE Board members
[02:21:48] <PixDeVl>	 lol
[02:21:59] <MirahezeRelay>	 <cosmicalpha, replying to m3w> I haven't caught up but if I understand what you mean correctly, this will not be automated, and is up to Stewards how to handle in the end. It doesn't really fit into RemovePII as it'd make it to specific etc...
[02:22:40] <MirahezeRelay>	 <cosmicalpha> Sorry if I'm not making sense. I'm not sure I understand what you mean correctly.
[02:23:00] <PixDeVl>	 no one ever makes sense here CA
[02:25:06] <MirahezeRelay>	 <m3w, replying to PixDeVl> [1/3] ok, thought NotAracham had technical background but still that's the secretary
[02:25:06] <MirahezeRelay>	 <m3w, replying to PixDeVl> [2/3] honestly a new seat on the board for "community liaison" would be good. someone that represents the community's interest. that can easily help rebuild any loss of trust by the board.
[02:25:06] <MirahezeRelay>	 <m3w, replying to PixDeVl> [3/3] - same concept Jeff Bezos uses. an empty chair that represents the customer
[02:26:05] <MirahezeRelay>	 <m3w, replying to cosmicalpha> I know its a minor edge case for dormancy, but if its 1 person that exists and quits with nuking request...may as well just delete their wikis requested
[02:26:33] <PixDeVl>	 That's what community directors are meant to be
[02:26:39] <MirahezeRelay>	 <cosmicalpha, replying to m3w> This is what Community Director seats are for if someone uninvolved with SRE etc... ran for it that is.
[02:26:50] <PixDeVl>	 :(
[02:27:08] <PixDeVl>	 Harej and Labster also have tech backgrounds but neither are current TECH
[02:27:22] <PixDeVl>	 As long as you ignore the existance of project manager
[02:27:23] <MirahezeRelay>	 <cosmicalpha> I wish we had more interest in people running for community director tbh
[02:27:37] <PixDeVl>	 Same
[02:27:38] <MirahezeRelay>	 <m3w> [1/5] basically its this scenario
[02:27:39] <MirahezeRelay>	 <m3w> [2/5] User:A requests a wiki. 2 weeks later User:A requests for GDPR and no community exists.
[02:27:39] <MirahezeRelay>	 <m3w> [3/5] There are no local wiki leadership
[02:27:39] <MirahezeRelay>	 <m3w> [4/5] no one expects any activity
[02:27:40] <MirahezeRelay>	 <m3w> [5/5] waiting on dormacy to kick in is a waste of time
[02:27:56] <PixDeVl>	 Then again that would be a applied to plenty of things
[02:28:15] <PixDeVl>	 Steward
[02:28:18] <PixDeVl>	 WC
[02:28:23] <PixDeVl>	 Infra
[02:28:58] <MirahezeRelay>	 <cosmicalpha, replying to m3w> Dormancy would just clean it up eventually or Stewards could early. If we needed to save resources or something I may agree but it simply just isn't necessary IMO.
[02:29:17] <MirahezeRelay>	 <m3w> that community director page does not define what it even is....stewards hold the election. trust and safety dir is listed...confusing
[02:30:07] <PixDeVl>	 It's run by the election committee
[02:30:32] <PixDeVl>	 Uninvolved stewards + DTS I think and others if they add
[02:30:35] <PixDeVl>	 ..yea
[02:30:36] <MirahezeRelay>	 <m3w> yes and what are the duties, responsibility, expectation of a community director aka someone that speaks for community interest
[02:30:50] <PixDeVl>	 They are a member of the board of directoes
[02:30:58] <PixDeVl>	 Only different is they are elected
[02:31:17] <MirahezeRelay>	 <m3w> yes, that's obvious pix
[02:31:24] <PixDeVl>	 There's no written requirment they must be a liason tmk
[02:31:28] <MirahezeRelay>	 <cosmicalpha> That's defined in the name — they represent the community on the board and are elected to serve by the community
[02:31:28] <MirahezeRelay>	 <m3w> what is the purpose?
[02:31:42] <PixDeVl>	 wdym whats the purpose
[02:32:05] <PixDeVl>	 for the community to have a say in the goverance of the farm on the legal level
[02:32:29] <MirahezeRelay>	 <m3w> this community is a bunch of middle school and high school kids, you are going to have spell it out for them. I know how annoying that is. They struggle with inferring the obvious.
[02:32:34] <MirahezeRelay>	 <cosmicalpha> I have to go for now so won't be able to respond more for a bit but this has gotten a bit off topic for this channel tbh but it doesn't matter to much.
[02:33:04] <MirahezeRelay>	 <m3w> yeah moving on
[02:34:18] <MirahezeRelay>	 <notaracham> [1/2] To answer spirit of q as I understand it:
[02:34:18] <MirahezeRelay>	 <notaracham> [2/2] It's a distinction between appointed (selected for specific merit/valuable outside perspective) and community (close to day to day operations in various MH/WT spaces and high trust.
[02:34:35] <PixDeVl>	 I fall into the aforementioned demographic so uh idk
[02:35:21] <MirahezeRelay>	 <m3w, replying to notaracham> alright, can this be added to the page.
[02:35:59] <MirahezeRelay>	 <m3w> people might not be nominating due to ambiguity
[02:37:28] <MirahezeRelay>	 <notaracham> Good feedback, will look at how that can be best implemented.
[02:37:30] <PixDeVl>	 Imo nominations should usually be done by users who understand the global community and structure
[02:37:47] <PixDeVl>	 But no harm in clarifing
[02:38:33] <MirahezeRelay>	 <cosmicalpha> I do agree we have some ambiguity that can make things very hard to understand for outsiders and it may need do with some clarity.
[02:39:13] <PixDeVl>	 Yeah
[02:40:23] <MirahezeRelay>	 <jph2> not really tech, but seems a bit late to be questioning Community Directors after nominations closed and we're in the midst of voting on them.
[02:40:41] <PixDeVl>	 No one ever questions it until it's locked in
[02:40:50] <PixDeVl>	 Cough DTS on ElCom
[02:40:54] <MirahezeRelay>	 <jph2> not saying the questions aren't valid, just timing is off.
[02:41:43] <PixDeVl>	 Anyways, I'm curious to see if anyone else joins the Tech team one of these days.
[02:41:54] <PixDeVl>	 Likely not in the span of actual days but
[02:43:26] <MirahezeRelay>	 <lichmaster98> Timing will always be off, may as well ask the question now and improve it for next time
[02:43:55] <PixDeVl>	 Wondering if anyone would actually join as a CL, since as Rhinos was saying before it's very specific in scope
[02:45:44] <PixDeVl>	 Someone who can translate between tech and laysman, talk as a tech person, PR person to the community as a whole, and maybe 1-1 with people who ask stuff during an outage or smt
[02:45:54] <PixDeVl>	 so good with tech and people
[02:45:59] <PixDeVl>	 each of which is hard enough
[02:47:47] <MirahezeRelay>	 <m3w, replying to jph2> whoops, i'm not heavily involved. simply trying to improve process and procedures which in turn will give a boost to platform health
[02:51:36] <MirahezeRelay>	 <notaracham> Regarding CL, it's something I thought about doing as someone who can speak tech and non-tech (and does so professionally alongside many other things)
[02:51:50] <MirahezeRelay>	 <notaracham> I'll be interested to see how the idea of it develops
[02:52:29] <MirahezeRelay>	 <jph2, replying to m3w> sorry. i didn't mean to seem like i was casting stones. i misunderstood your comment to refer to the current board election rather than next time around.
[02:53:07] <MirahezeRelay>	 <jph2> CL?
[02:53:40] <PixDeVl>	 You'd be good for that lol. I mean Steward and Director don't leave much room for doubt xP
[02:53:50] <MirahezeRelay>	 <notaracham> Pix and a few others could probably serve in this capacity depending on time and developmental interests though and I've already got too much on my plate
[02:54:54] <MirahezeRelay>	 <notaracham, replying to jph2> Community liaison, essentially the successor to CES with a more defined set of duties
[02:55:37] <MirahezeRelay>	 <jph2> Mk. Now I'm really stupid. CES?
[02:55:45] <MirahezeRelay>	 <notaracham> CA is more or less doing this today
[02:56:10] <PixDeVl>	 COmmunity Engament Specialist
[02:56:46] <MirahezeRelay>	 <notaracham> ^ that. More or less a spokesperson and translator for the tech team
[02:57:13] <MirahezeRelay>	 <notaracham> And originally also a fundraiser, cheerleader and whatever other soft skills were needed
[02:59:50] <MirahezeRelay>	 <jph2> [1/2] Would be nice to have that defined in a volunteering page somewhere.
[02:59:50] <MirahezeRelay>	 <jph2> [2/2] I'm still not sure if I fit that, but I'm not tech illiterate nor tech brilliant. I do know I'm not tech expert to fit real tech volunteer opportunities. But not sure where I might fit in CL.
[03:00:10] <PixDeVl>	 Maybe, what Rhinos said about being able to speak tech, caring and PR would need to be considered. I might consider if it's needed, partially since everyone agrees CL should not have shell, and I, as likely the most tech engaged person who can't have shell, may make sense? I don't know, part of me thinks 'hey you may be good at this' but the rest
[03:00:10] <PixDeVl>	 says 'bitch don't even think about it please i beg you' so eh. We prob wouldn't need many CL so if you or someone else steps up to it there'd be no point in me consideing :shrug:
[03:01:55] <MirahezeRelay>	 <notaracham> 🤷
[03:02:36] <MirahezeRelay>	 <notaracham> It's a conundrum for sure. All things are needed.
[03:02:51] <PixDeVl>	 I would like to see it's responsibilites a bit more defined
[03:02:55] <MirahezeRelay>	 <m3w> let's move to general
[03:03:51] <MirahezeRelay>	 <jph2, replying to PixDeVl> Agreed. We can't want more volunteers but not define what they should be and what skills they need to meet a particular volunteer role.
[14:21:01] <MirahezeRelay>	 <rodejong> [1/18] ANNOUNCEMENT: https://discord.com/channels/178359708581625856/392015565171982346/1237045039952035880
[14:21:01] <MirahezeRelay>	 <rodejong> [2/18] https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/ISK76VXYSIOKYLLU2DTQUXIJV6MMWGOJ/
[14:21:01] <MirahezeRelay>	 <rodejong> [3/18] MediaWiki Extensions and Skins Security Release Supplement (1.39.7/1.40.3/1.41.1)
[14:21:02] <MirahezeRelay>	 <rodejong> [4/18] Maryum Styles @ 6 May 2024 9:54 a.m.
[14:21:02] <MirahezeRelay>	 <rodejong> [5/18] Greetings-
[14:21:02] <MirahezeRelay>	 <rodejong> [6/18] There was a delay in CVE assignment due to a backlog with Mitre. With the security/maintenance release of MediaWiki .39.7/1.40.3/1.41.1, we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]:
[14:21:03] <MirahezeRelay>	 <rodejong> [7/18] (T355434, CVE-2024-34505) - (CheckUser) Temporary account IP reveal does not check the deleted status
[14:21:03] <MirahezeRelay>	 <rodejong> [8/18] (T356226, CVE-2024-34501) - CheckUser Client Hints REST API does not use a CSRF token
[14:21:03] <MirahezeRelay>	 <rodejong> [9/18] (T356190, CVE-2024-34503) - ReportIncident REST API does not use a CSRF token
[14:21:04] <MirahezeRelay>	 <rodejong> [10/18] (T356183, CVE-2024-34504) - IPInfo REST APIs are not safe from CSRF attacks
[14:21:04] <MirahezeRelay>	 <rodejong> [11/18] (GHSA-cfcf-94jv-455f, CVE-2024-25107) - Cross-Site Scripting on Special:WikiDiscover
[14:21:05] <MirahezeRelay>	 <rodejong> [12/18] (T357203, CVE-2024-34500) - XSS through interface message in UnlinkedWikibase
[14:21:05] <MirahezeRelay>	 <rodejong> [13/18] (T357101, CVE-2024-34502) - (WikibaseLexeme) Special:MergeLexemes makes edits on GET requests without edit tokens
[14:21:06] <MirahezeRelay>	 <rodejong> [14/18] (T331362, CVE-2023-29134) - SQL injection in Cargo handling of quotes inside backticks
[14:21:06] <MirahezeRelay>	 <rodejong> [15/18] (GHSA-cfcf-94jv-455f, CVE-2024-25109) - Special:ManageWiki does not escape escape interface messages
[14:21:07] <MirahezeRelay>	 <rodejong> [16/18] (GHSA-8wjf-mxjg-j8p9, CVE-2024-29883) - (CreateWiki) Special:ManageWiki does not escape interface messages
[14:21:07] <MirahezeRelay>	 <rodejong> [17/18] [1] https://phabricator.wikimedia.org/T353904 
[14:21:08] <MirahezeRelay>	 <rodejong> [18/18] [Truncated and heavily modified due to discord limits. hyperkitty link has full details. GHSA refers to https://github.com/advisories]
[14:21:45] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 finally
[14:21:58] <MirahezeRelay>	 <rhinosf1> I can add the ones for the next release now
[14:22:18] <MirahezeRelay>	 <bluemoon0332> how come CheckUser always ends up in these emails?
[14:22:46] <MirahezeRelay>	 <bluemoon0332> One would think an extension that just writes IP addresses and user agents to a database wouldn't have this many security issues
[14:26:16] <MirahezeRelay>	 <rodejong, replying to bluemoon0332> Don't shoot the messenger 😉
[14:37:04] <MirahezeRelay>	 <rhinosf1> @bluemoon0332 the most important parts of MediaWiki are the most poorly maintained
[16:05:39] <MirahezeRelay>	 <koreirose, replying to rhinosf1> This is real
[16:26:16] <MirahezeRelay>	 <m3w, replying to bluemoon0332> Ever since release cycle speed up to every 6 months, the most critical such as CU, AF keep getting patches nonstop
[16:27:10] <MirahezeRelay>	 <m3w> It's clear this isn't working and WMF needs to spend more time carefully handling, this just rushes
[16:28:57] <MirahezeRelay>	 <rhinosf1> @m3w the WMF needs to maintain things properly
[16:30:14] <MirahezeRelay>	 <m3w> [1/2] Yes, they do. Rushing release cycles is creating more issues
[16:30:14] <MirahezeRelay>	 <m3w> [2/2] Not to mention abusefilter lacks packages
[18:35:06] <MirahezeRelay>	 <pirog_chelovekovich> hello. can somebody tell me how long it usually takes to be inreviewed?
[18:36:54] <MirahezeRelay>	 <pirog_chelovekovich> oh i think i've mixed up channels
[18:37:04] <MirahezeRelay>	 <pirog_chelovekovich> sotty
[18:37:56] <MirahezeRelay>	 <theoneandonlylegroom> depends
[18:38:25] <MirahezeRelay>	 <theoneandonlylegroom> request reviewers are volunteers, might be from 2 hours to a day right now