[13:52:40] Hey there, I am getting some issues trying to upload a file to the Beta Cluster's Wikimedia Commons. [13:52:40] It keeps sending back this error: lockmanager-fail-svr-acquire - Could not acquire locks on server rdb1., and I can't find much about it on the net [13:53:46] uploads on beta have been broken for a while :/ [13:54:14] damn, I don't want to pollute the actual Commons with potentially hundreds of bogus audio files :( [13:55:30] do you know of any alternatives, or would I need to send these test audio files to the actual Commons ? [13:56:59] (which would be another pain in the arse actually - gotta create a non-test OAuth consumer, get it approved...) [13:57:12] test.wikipedia.org seem to have file uploads enabled [13:57:31] (there’s a disclaimer on its Special:Upload about scope, make sure to read that, I’m not familiar with it ^^) [13:57:47] though that will still require a production OAuth consumer I guess [13:58:34] I'd fall into the scope - it's about making sure I don't blow up the world with my code ahah [13:59:04] but I'm a bit taken aback by needing to create a production OAuth consumer [14:00:09] is the whole Beta Cluster affected by these upload issues? [14:00:23] maybe I can search for a wiki of the Beta Cluster that also has uploads enabled [14:01:24] I would assume it’s the whole beta cluster but I don’t think I tested any other wikis [14:03:15] Hmph. Most of these wikis require sysop or "uploader" rights to use Special:Upload it seems [14:05:53] well, there goes my hope. Gotta make a production OAuth on the actual Commons and hope I won't break everything [14:15:45] Gotta need approval for this one then: https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/188cd7495ab13770f99ab37b0d1fea78 :) [14:22:42] Are there way ? (re @Mo: how to ensure the security of plugins in these situations) [15:57:14] Typically you'd review how much effort went into making sure the code is secure. There is a box at the bottom of every extension description page listing what large organizations are using it. (re @Mo: how to ensure the security of plugins in these situations) [15:58:35] You can also search the CVE archive for issues with that extension, although of course if an extension never had known security issues, that might mean multiple things. [15:59:47] In general you don't, unless you want multiple people to be able to use it. With the same account that you used to register it, it should always work. (re @Poslovitch: Gotta need approval for this one then: https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/188cd7495ab13770f99ab37b0...) [16:00:15] Do we have a task about that? (re @lucaswerkmeister: uploads on beta have been broken for a while :/) [16:00:33] yes, T340908 [16:01:07] I don’t fully understand the investigation that happened there but I gather it’s the usual “nobody’s responsible for Beta” problem at the end of the day [16:08:56] it has been broken since July? ouch [16:09:36] since December even (that’s the date of the last successful uploads), July is when I noticed it… [20:40:57] yup you're right. Could'n't use it 'cause I was messing up the provider URL. Now it's working fine without needing to be approved ;) (re @gtisza: In general you don't, unless you want multiple people to be able to use it. With the same account that you used to register it, ...) [21:20:45] Thanks [21:20:46] Where is cve ? [21:20:48] Link (re @gtisza: You can also search the CVE archive for issues with that extension, although of course if an extension never had known security ...) [21:35:52] Intersection of file backend and beta cluster, both complex and notoriously unowned and unmainainted areas won't end up being better 😞 (re @gtisza: it has been broken since July? ouch)