Adding extensions under packagist's "mediawiki" vendor

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Adding extensions under packagist's "mediawiki" vendor

Daniel Werner-2
Hi,

I'd like to add my extension
  https://github.com/DanweDE/mediawiki-ext-UserBitcoinAddresses
as "mediawiki/user-bitcoin-addresses" in packagist.

When trying to do so, packagist states I should ask someone with the proper
rights to maintain the "mediawiki" vendor.

I have read up on

https://www.mediawiki.org/wiki/Manual:Developing_libraries#Packagist_guidelines

And I wrote two of the guys listed to have access to the "mediawiki" vendor
account but I am not sure I am getting a reply so I thought I'd also try it
through this channel.

Any advice how I'd get my GitHub repo on packagist under the "mediawiki"
vendor would be highly appreciated.

Cheers,
Daniel
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Bryan Davis
On Tue, Jul 21, 2015 at 6:52 AM, Daniel Werner
<[hidden email]> wrote:

> Hi,
>
> I'd like to add my extension
>   https://github.com/DanweDE/mediawiki-ext-UserBitcoinAddresses
> as "mediawiki/user-bitcoin-addresses" in packagist.
>
> When trying to do so, packagist states I should ask someone with the proper
> rights to maintain the "mediawiki" vendor.
>
> I have read up on
>
> https://www.mediawiki.org/wiki/Manual:Developing_libraries#Packagist_guidelines
>
> And I wrote two of the guys listed to have access to the "mediawiki" vendor
> account but I am not sure I am getting a reply so I thought I'd also try it
> through this channel.
>
> Any advice how I'd get my GitHub repo on packagist under the "mediawiki"
> vendor would be highly appreciated.

Migrate the origin repository to the Wikimedia gerrit hosting where
the MediaWiki developer community has access to fix security issues
and I'll be glad to make sure that Packagist integration is setup
properly from there. You are of course free to publish your extension
under your own vendor prefix, but if you want to take advantage of the
MediaWiki vendor prefix the MediaWiki community needs to be be able to
assert some measure of control over the published package.

On a semi-related note, use of autoload.files to register an extension
with MediaWiki after installation via Composer should be considered a
deprecated feature [0].


[0]: https://phabricator.wikimedia.org/T467#1464482

Bryan
--
Bryan Davis              Wikimedia Foundation    <[hidden email]>
[[m:User:BDavis_(WMF)]]  Sr Software Engineer            Boise, ID USA
irc: bd808                                        v:415.839.6885 x6855

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Gergo Tisza
On Tue, Jul 21, 2015 at 2:29 PM, Bryan Davis <[hidden email]> wrote:

> Migrate the origin repository to the Wikimedia gerrit hosting where
> the MediaWiki developer community has access to fix security issues
> and I'll be glad to make sure that Packagist integration is setup
> properly from there. You are of course free to publish your extension
> under your own vendor prefix, but if you want to take advantage of the
> MediaWiki vendor prefix the MediaWiki community needs to be be able to
> assert some measure of control over the published package.
>

That could also be done via a Wikimedia organization on GitHub, if we don't
want to force specific workflows on developers. Although it certainly makes
life easier if all "official" extensions share the same code review and CI
infrastructure.
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Jeroen De Dauw-2
In reply to this post by Bryan Davis
Hey Bryan,

What exactly justifies such an authoritarian "need to go though some
permission process" setup? Exactly what problems are we currently seeing?
I'm very sceptical about such an approach. Sure you can say things such as
that I'd be nice for other people to have access. The reality is that most
people don't care about most extensions and that a lot of them end up being
unmaintained and very low quality to begin with. Telling volunteers they
should go follow a process they do not want to follow and that they should
use a code hosting service they do not want to use has its down sides. This
was also not done in the past. You did not need approval to create a
"certified MediaWiki extension" or something like that.

Cheers

--
Jeroen De Dauw - http://www.bn2vs.com
Software craftsmanship advocate
Developer at Wikimedia Germany
~=[,,_,,]:3
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Bryan Davis
On Tue, Jul 21, 2015 at 5:42 PM, Jeroen De Dauw <[hidden email]> wrote:

> Hey Bryan,
>
> What exactly justifies such an authoritarian "need to go though some
> permission process" setup? Exactly what problems are we currently seeing?
> I'm very sceptical about such an approach. Sure you can say things such as
> that I'd be nice for other people to have access. The reality is that most
> people don't care about most extensions and that a lot of them end up being
> unmaintained and very low quality to begin with. Telling volunteers they
> should go follow a process they do not want to follow and that they should
> use a code hosting service they do not want to use has its down sides. This
> was also not done in the past. You did not need approval to create a
> "certified MediaWiki extension" or something like that.

As of https://github.com/composer/packagist/issues/163#issuecomment-99673878
Packagist itself has created this restriction of vendor namespaces
actually indicating some level of ownership. A vendor is a supplier of
a good or service. Publishing something as mediawiki/* is explicitly
claiming affiliation with the MediaWiki open source project. As such
it seems not unreasonable to ensue that projects claiming to be
supplied by the MediaWiki community actually are indeed serviceable by
that community. Note that there is no form of restriction for
publishing a package that provides a MediaWiki extension or other
related functionality under another namespace.

I would certainly welcome an RfC discussion of the current policy and
a potential replacement. From my point of view, use of the MediaWiki
brand implies endorsement by the MediaWiki community and thus should
only be easily available to projects that are able to be contributed
to and managed by that community. If for example a serious security
flaw was found in a mediawiki/foo package on Packagist the community
should be empowered to fix it.

Bryan
--
Bryan Davis              Wikimedia Foundation    <[hidden email]>
[[m:User:BDavis_(WMF)]]  Sr Software Engineer            Boise, ID USA
irc: bd808                                        v:415.839.6885 x6855

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Standardizing extension development practices

Mark A. Hershberger-4
Bryan Davis <[hidden email]> writes:

> On Tue, Jul 21, 2015 at 5:42 PM, Jeroen De Dauw <[hidden email]> wrote:
>> What exactly justifies such an authoritarian "need to go though some
>> permission process" setup? Exactly what problems are we currently
>> seeing?

> I would certainly welcome an RfC discussion of the current policy and
> a potential replacement. From my point of view, use of the MediaWiki
> brand implies endorsement by the MediaWiki community and thus should
> only be easily available to projects that are able to be contributed
> to and managed by that community. If for example a serious security
> flaw was found in a mediawiki/foo package on Packagist the community
> should be empowered to fix it.

This discussion is at least tangentially related to the IdeaLab project
that Chris Koerner and I formulated at Wikimania:

https://meta.wikimedia.org/wiki/Grants:IdeaLab/Making_Gerrit_access_easier_for_developers_new_to_MediaWiki

There are benefits to using the Gerrit.w.o -- the git repository that
most MW-experienced developers are using, and where they have rights to
upgrade code (e.g. the i18n conversion to json) -- instead of Github,
Assembla, Kiln, or Bitbucket.

We've done a poor job of explaining the benefits, though, and, more than
that, providing an infrastructure that developers not deeply involved
with the WMF can use, though.

I invite your comments on the IdeaLab proposal page.  Maybe it means
improving MediaWiki support for developers on GitHub, but if that is the
route we go, then we need to figure out a way to do that.

Mark.

--
Mark A. Hershberger
NicheWork LLC
717-271-1084


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Daniel Werner-2
In reply to this post by Bryan Davis
Thank you folks!

I guess I wasn't logged in when I first tried. It works fine now [0].
Anyhow, I am with Gergo and Jeroen on the issue of code hosting and I chose
to use GitHub. I also have lots of extensions on WM's facilities and won't
change that in the near future but I am switching to GitHub as I am
maintain more and more also non-MW related packages there and I feel like
it is less troublesome even though I have also worked on Gerrit for 19
months on a daily basis when working as part of the Wikidata team.
Also, some of the biggest MW extensions such as "Semantic MediaWiki" and
"Maps" seem to be hosted on GitHub already and I can not see how they would
lack any support from our community in terms of contributions.

Cheers,
Daniel

[0]: https://packagist.org/packages/mediawiki/user-bitcoin-addresses

On 22 July 2015 at 00:57, Bryan Davis <[hidden email]> wrote:

> On Tue, Jul 21, 2015 at 5:42 PM, Jeroen De Dauw <[hidden email]>
> wrote:
> > Hey Bryan,
> >
> > What exactly justifies such an authoritarian "need to go though some
> > permission process" setup? Exactly what problems are we currently seeing?
> > I'm very sceptical about such an approach. Sure you can say things such
> as
> > that I'd be nice for other people to have access. The reality is that
> most
> > people don't care about most extensions and that a lot of them end up
> being
> > unmaintained and very low quality to begin with. Telling volunteers they
> > should go follow a process they do not want to follow and that they
> should
> > use a code hosting service they do not want to use has its down sides.
> This
> > was also not done in the past. You did not need approval to create a
> > "certified MediaWiki extension" or something like that.
>
> As of
> https://github.com/composer/packagist/issues/163#issuecomment-99673878
> Packagist itself has created this restriction of vendor namespaces
> actually indicating some level of ownership. A vendor is a supplier of
> a good or service. Publishing something as mediawiki/* is explicitly
> claiming affiliation with the MediaWiki open source project. As such
> it seems not unreasonable to ensue that projects claiming to be
> supplied by the MediaWiki community actually are indeed serviceable by
> that community. Note that there is no form of restriction for
> publishing a package that provides a MediaWiki extension or other
> related functionality under another namespace.
>
> I would certainly welcome an RfC discussion of the current policy and
> a potential replacement. From my point of view, use of the MediaWiki
> brand implies endorsement by the MediaWiki community and thus should
> only be easily available to projects that are able to be contributed
> to and managed by that community. If for example a serious security
> flaw was found in a mediawiki/foo package on Packagist the community
> should be empowered to fix it.
>
> Bryan
> --
> Bryan Davis              Wikimedia Foundation    <[hidden email]>
> [[m:User:BDavis_(WMF)]]  Sr Software Engineer            Boise, ID USA
> irc: bd808                                        v:415.839.6885 x6855
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Federico Leva (Nemo)
In reply to this post by Bryan Davis
Gerrit is too unpredictable for users:
https://phabricator.wikimedia.org/T86476#1462980 .
It's probably easier and more functional to create some
"mediawiki-users" vendor on packagist and let any MediaWiki sysadmin
(not developer) join to add the packages they need for whatever reason.

Nemo

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Chad
On Wed, Jul 22, 2015 at 7:13 AM Federico Leva (Nemo) <[hidden email]>
wrote:

> Gerrit is too unpredictable for users:
> https://phabricator.wikimedia.org/T86476#1462980 .
> It's probably easier and more functional to create some
> "mediawiki-users" vendor on packagist and let any MediaWiki sysadmin
> (not developer) join to add the packages they need for whatever reason.
>
>
Forcing people to use Gerrit is quite possibly a violation of the Geneva
Convention.

-Chad
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: Adding extensions under packagist's "mediawiki" vendor

Antoine Musso-3
In reply to this post by Federico Leva (Nemo)
Le 22/07/2015 16:13, Federico Leva (Nemo) a écrit :
> Gerrit is too unpredictable for users:
> https://phabricator.wikimedia.org/T86476#1462980 .
> It's probably easier and more functional to create some
> "mediawiki-users" vendor on packagist and let any MediaWiki sysadmin
> (not developer) join to add the packages they need for whatever reason.
>
> Nemo

About https://gerrit.wikimedia.org/r/#/c/225663/ which states:

> Revert "Convert to globals and add composer support"
>
> The RfC for adding composer support for extensions was declined.
> We should not be adding composer support to more extensions.

Which removes:
https://gerrit.wikimedia.org/r/#/c/190027/14/composer.json,unified


And honestly I am confused.  From my understanding we wanted to come in
a position where we use composer to download the packages and resolve
the dependencies then the extension loader, potentially having the
extension loader as a composer plugin.



--
Antoine "hashar" Musso


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l