Steward requests/Global permissions

Add links
From Meta, a Wikimedia project coordination wiki
< Steward requests
This is an archived version of this page, as edited by Ainz Ooal Gown (talk | contribs) at 02:18, 8 November 2019 (→‎Global abuse filter helper for Nullzero: Support). It may differ significantly from the current version.
Shortcut:
SRGP
This page hosts requests for global permissions. To make a request, read the relevant policy (global rollback , global sysop , global rename , …) and make a request below. Explain why membership is needed for that group, and detail prior experience or qualifications.

This is not a vote and any active Wikimedia editor may participate in the discussion.

Global rollback and global interface editor requests require no fewer than 5 days of discussion while abuse filter helper and maintainer requests require no fewer than 7 days. Global renamer and global sysop requests require no fewer than 2 weeks of discussion. For requests that are unlikely to pass under any circumstances, they may be closed by a steward without further discussion (after a reasonable amount of input).

Quick navigation:
Dynamic pages:

Cross-wiki requests
Meta-Wiki requests


Requests for global rollback permissions

Shortcut:
SRGR
Please be sure to follow the instructions below:
Your request might be rejected if you don't follow the instructions, and not doing so would reflect poorly on your suitability.
Please also review the Global rollback policy.
Instructions for making a request

Before requesting, make sure that: You have sufficient activity to meet the requirements to be allocated the global rollback flag

To make a request
Copy the template below to the bottom of this section and explain of why you need the access and why you're suitable.
=== Global rollback for {{subst:u|{{subst:REVISIONUSER}}}} ===
{{sr-request
 |status    = <!-- don't change this line -->
 |domain    = global <!-- don't change this line -->
 |user name = {{subst:REVISIONUSER}} <!-- don't change this line unless you're nominating another user -->
}}
::''Not ending before {{subst:#time:j F Y H:i|+5 days}} UTC''

The request will be approved if consensus to do so exists after a period of consideration of no less than 5 days (with rare exceptions , no matter how obvious the result may seem). This is not a vote, and all input is welcome. Stewards will determine whether consensus exists; when doing so it is likely that the weight given to the input of those involved in cross-wiki work will be most influential.

Global rollback for Hasley

Status:    In progress
Not ending before 7 November 2019 21:58 UTC

Hello everyone, I am Hasley. A few months ago I joined the SWMT. Since then, I have been active doing countervandalism, mainly finding LTAs and cross-wiki spammers and patrolling small projects from #cvn-sw, SWViewer and RTRC. I think global rollback could be very useful for me . Kind regards, —Sgd. Hasley 21:58, 2 November 2019 (UTC)[reply]

Global rollback for MrJaroslavik

Status:    In progress
Not ending before 12 November 2019 18:08 UTC

Hi everyone!
I' m currently rollbacker and patroller on cswiki, rollbacker and pending changes reviewer on enwiki and autopatroller on few projects. I started cross-wiki patrol through SWViewer. Throughout the process I have gained experience in removing vandalism made in various languages (even if I don't speak them). I would like to get global rollback to facilitate my work against vandalism. These rights would be useful for example to suppress abuse filters, which sometimes forbids me from editing. I would also definitely use the right markbotedit (for example, if multiple pages are vandalized at the same time). If you have any questions, feel free to ask. Thanks! -MrJaroslavik (talk) 18:08, 7 November 2019 (UTC)[reply]

Requests for global sysop permissions

Shortcut:
SRGS
Please be sure to follow the instructions below:
Your request might be rejected if you don't follow the instructions, and not doing so would reflect poorly on your suitability.
Please also review the Global sysops policy.
Stewards
When you give someone global sysop rights, please list them on Users with global sysop access and ask them to subscribe to the global sysops mailing list.
Instructions for making a request

Before requesting, make sure that:

  1. You have a global account ;
  2. You are logged in on this wiki, and the account is part of your global account;
To make a request
Copy the template below to the bottom of this section and explain of why you need the access and why you're suitable. If you previously requested that right, please add a link to the previous discussion(s).
=== Global sysop for {{subst:u|{{subst:REVISIONUSER}}}} ===
{{sr-request
 |status    = <!-- don't change this line -->
 |domain    = global <!-- don't change this line -->
 |user name = {{subst:REVISIONUSER}} <!-- don't change this line unless you're nominating another user -->
}}
:''Not ending before {{subst:#time:j F Y H:i|+2 week}} UTC''

The request will be approved if consensus to do so exists after a period of consideration of no less than two weeks (no exceptions are allowed no matter how obvious the result may seem). This is not a vote, and all input is welcome. Stewards will determine whether consensus exists; when doing so it is likely that the weight given to the input of those involved in cross-wiki work will be most influential. Please note: Since 2019 all global sysops are required to have two-factor authentication (2FA) enabled.


Requests for global rename permissions

Steward requests/Global permissions/Global renamers

Global rename for Turkmen

Status:    In progress
Not ending before 12 November 2019 20:11 UTC

Hello. I'm a global rollbacker and a global sysop. Furthermore, I'm a local sysop on multiple projects. I'am familiar with the global rename policy. I can speak and understand multiple Turkic languages. Thus, I believe that I can help as a global renamer. Also, I can help in reducing the queues in large projects and Meta-Wiki. Thank you!--Turkmen talk 20:11, 29 October 2019 (UTC)[reply]

Hello dear @Vermont:. You gave a reasonable question. Yes, my activity went downwards since September 10. This is related to my education in the university. I will repair my activity on November 4. But please check out my acitivity from June to September of this year. You also witnessed my activity during that time period. I would not apply for this right if I was going to be an inactive user. Thanks!--Turkmen talk 17:17, 2 November 2019 (UTC)[reply]

Requests for global IP block exemption

Shortcut:
SRIPBE
Please be sure to follow the instructions below:
Your request might be rejected if you don't follow the instructions. Please review Global IP block exemption. You may request Global IP block exemption via stewards(_AT_)wikimedia.org if you can not edit this page.
Please note: Global IP block exemption does NOT make one immune to locally-created blocks of any sort, only global blocks.
Instructions for making a request

Before requesting global IP block exemption, make sure that:

  1. You have a global account ;
  2. You are logged in on this wiki, and the account is part of your global account;
To request global IP block exemption
Copy the template below to the bottom of this section and explain why you need the access and why you're suitable. If needed, link to relevant discussions.
=== Global IP block exempt for {{subst:u|{{subst:REVISIONUSER}}}} ===
{{sr-request
 |status    = <!--don't change this line-->
 |domain    = global<!--don't change this line-->
 |user name = {{subst:REVISIONUSER}}
}}
<Add an explanation here>, thanks, --~~~~

The request will be approved if there is demonstrated need for the permission, such as bypassing a global block from someone who is not the intended target.

Global IP block exempt for IP Range of WikiLoop Battlefield

Status:    In progress

Statement

I am a developer, and we are building a counter-vandalism tool called WikiLoop Battlefield, and here is its source code. We recently start to roll out Oauth login and in-place revert feature. When we move our test from localhost to our dev and canary(staging) environment, we noticed that we received the following error.

{ "error": { "code": "globalblocking-ipblocked-range", "info": "'''Your IP address is in a range which has been blocked on all wikis.''' The block was made by [//meta.wikimedia.org/wiki/User:Jon_Kolbert Jon Kolbert] (meta.wikimedia.org). The reason given is ''[[NOP|Open Proxy]]: Webhost: Contact [[m:Special:Contact/stewards|stewards]] if you are affected ''. * Start of block: 2019-07-23T12:01:56 * Expiration of block: 2021-01-23T11:01:56 You can contact [//meta.wikimedia.org/wiki/User:Jon_Kolbert Jon Kolbert] to discuss the block. You cannot use the \"Email this user\" feature unless a valid email address is specified in your [[Special:Preferences|account preferences]] and you have not been blocked from using it. Your current IP address is 3.86.232.24, and the blocked range is 3.86.0.0/16. Please include all above details in any queries you make.", "*": "See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes." }, "servedby": "mw1346" }

We host our server on Heroku, does it mean that the IP address of heroku is being blocked globally for MediaWiki API? Can we apply to be whitelisted for our legit use-case?

Thank you!

Xinbenlv (talk)

Responsess

@Xinbenlv: Heroku is a shared host, and Wikimedia discourages hosting service in third-party shared hosts (it may host VPN or reverse proxy, which can hide users' IP address). You should either:
  • Move the project to Toolforge (recommended) or Cloud VPS
  • Create a edit service in Toolforge similar to toollabs:widar, and invoke the service (you must use GET or JSONP, Cloud does not support POST from third-party service) in the project (not recommended, this may have security issues)

--GZWDer (talk) 18:41, 17 October 2019 (UTC)[reply]

@GZWDer: thank you.
First sorry I just noticed I didn't use the template (which doesn't apply to IP range extemption for al IPs), I updated it.
Second, here we are building an app that requires a user to login with Oauth. We only conduct edit on-behalf of loged-in users and their username will show up.
3rdly, with respect to your suggestion, We've considered porting the project to Toolforge but we are waiting for the Toolforge to support modern Kubernates https://phabricator.wikimedia.org/T214513.
It is not particularly feasible for all users to rely on IP addresses because as many of people who submit for permissions here, IP addresses are only largely available in USA and a few developed countries who took part in early Internet infrastructure development discussions. Many other countries they have to rely on NAT that shares limited IP addresses. Our app hope to expand to all language locales to help users with counter-vandalism efforts. If we block IP addresses, it will reduce the access of these users from Non-USA/developed countries who would like to help.
In summary, can we apply for unblocking any IP addresses if we have allowed users to identify themselves with login? Thank you!

Xinbenlv (talk) 21:21, 17 October 2019 (UTC)[reply]

all, I don't know who to send this argument to... Xinbenlv (talk) 10:36, 25 October 2019 (UTC)[reply]
I start a discussion en:User:Xinbenlv/Propose:Allow_Login_Users_By_Default_When_IP_Range_Blocked
There is a block configurations to let logged in users edit while on blocked IP: However we usually do not allow it on NOP blocks. We cannot let anyone using your tool be exempt from the block, this is a software restrictions. There's just no way to do that. And since we are not going to unblock AWS — thus Heroku — I think your only bet is to follow GZWDer's advice. — regards, Revi 07:54, 4 November 2019 (UTC)[reply]
@-revi:, @GZWDer: thanks for answering. How about the following solutions sound to admins?
  1. if we use certain way to crypt-sign a request from our app's server, can you grant app-specific exception for this use-case? (rather than unblocking all IP-addresses but unblockgin all users who have signed in and use our app)?
  2. if we managed to find a fixed IP address, can you unblock individual IP address of the one that we use for our webapp?
Xinbenlv (talk) 22:37, 4 November 2019 (UTC)[reply]
#1: There's no such feature(tm) to do so. #2: I think I can do that, with two conditions: You notify us when you stop your project (thus releasing the IP to the shared pool) and you absolutely always require authentication. — regards, Revi 04:40, 5 November 2019 (UTC)[reply]
@-revi: thank you! Yes. We are likely to use at most 3 IP addresses at this moment:
  • 35.222.141.110 for dev
  • 34.67.56.51 for canary (staging)
  • 34.69.252.115 for prod
and I agree to both terms: we will absolutely require authentication(in fact you can just allow only login users to edit from these IP addresses) and we will notify you when we stop project and release the IP to the shared pool. (once the Toolforge support mount on Root or custom domain, or we are approved for WMF Cloud VPS)
Xinbenlv (talk) 06:13, 5 November 2019 (UTC)[reply]
Note individual IPs can not be globally whitelisted (phab:T42439). They can only be whitelisted locally.--GZWDer (talk) 19:58, 5 November 2019 (UTC)[reply]
@GZWDer:, thank you!
Do I understand it correctly that both the global and local needs to unblock the IP for any IP address to be used? While I will work on applying for individual local wiki's IP whitelist approve, can I ask why individual IPs can not be globally whitelisted? In particular, is it a policy or a technical reason?
  1. If it's a policy, I'd argument by fixing the static IP, it's no longer an Open Proxy since being reserved and occupied by an application, a random internet user cannot use it. Given that we promise that we only authenticate users, it's a fixed set of users (only registered Wikipedian users) rather than open to public.
  2. If it's a technical issue, I'd argument previously we are blocking IP range IP1 to IP3, now if we have a static IP2 to unblock, you can block [IP1, IP2), (IP2, IP3]
Dear global admins, what do you think? Thank you!
Xinbenlv (talk) 21:35, 5 November 2019 (UTC)[reply]
Please let me know if there are other information you would love me to provide accompanying this application Xinbenlv (talk) 22:49, 7 November 2019 (UTC)[reply]

Global IP block exempt for Nurseways

Status:    In progress

Hi, I only connect to the internet through a VPN due to freedom of speech limitations in my country. For instance, see this recent news article from MSN Brazil (content from Deutsch Welle Brazil) about the current far-right government trying to censor a Wikipedia article and seeking legal prosecution of an editor:

https://www.msn.com/pt-br/noticias/politica/minist%C3%A9rio-da-educa%C3%A7%C3%A3o-tentou-censurar-a-wikip%C3%A9dia/ar-AAGU1Ee

I can supply other examples if needed. The IP I am editing from is my personal VPN, not an open proxy - I am the sole person with access to this IP. I received an error message regarding an IP block when I tried to create an account at the Brazilian Wikipedia directing me to contact user Jon Kolbert who directed me to make a request for an IP Block exemption here. May I use Wikipedia with this VPN? I do not need an exemption for any other IP, thanks --Nurseways (talk) 12:15, 3 November 2019 (UTC)[reply]

Global IP block exempt for 78Lepic

Status:    In progress

Hello, I'm French and I'm trying to publish on Wikipedia.fr a page about an academic. The page is 151.80.0.0/16. (Jean Marie Barbier, by 78Lepic) and my IP address is 151.80.176.105. My IP is blocked. Could tell me why and/or help me to restaure it by a global IP block exemption? I am also wondering if the wikification of the page is complete enough for it to be published. Thanks for you help. 78Lepic

PS : feel free to contact me on oliviermarty@yahoo.fr, if it is more convenient for you, thanks, --78Lepic (talk) 16:50, 5 November 2019 (UTC)[reply]

Requests for 2 Factor Auth tester permissions

Please be sure to follow the instructions below:
Your request might be rejected if you don't follow the instructions.
Testing this service may result in the loss of your access and is not recommended for inexperienced users.
Instructions for making a request

Before requesting 2FA tester global permissions, make sure that:

  1. You are logged in on this wiki;
  2. You have read the help page about two-factor authentication and understand how it could lead to irrecoverable loss of access to your account ;
To request 2FA tester global permissions
Copy the template below to the bottom of this section and INDICATE you have read the Help page.
If the request page is currently protected, please file as an edit request on the talk page.
=== 2FA Tester for {{subst:u|{{subst:REVISIONUSER}}}} ===
{{sr-request
 |status    = <!--don't change this line-->
 |domain    = global <!--don't change this line-->
 |user name = {{subst:REVISIONUSER}}
}}
<Add an explanation here>, thanks, --~~~~

The request will be approved if there is no reason not to grant one. A steward will review the request.

2FA Tester for Cooltey Feng

Status:    In progress

I would like to enable the 2FA to further enhance the account security level, thanks, --Cooltey Feng (talk) 19:08, 5 November 2019 (UTC)[reply]

Have you read the documentation? Ruslik (talk) 20:49, 5 November 2019 (UTC)[reply]
Yes, I have read the documentation. Cooltey Feng (talk) 19:59, 7 November 2019 (UTC)[reply]

2FA Tester for DrVes

Status:    In progress

I would like to increase the security of my account by enabling 2FA, thanks, --DrVes (talk) 19:07, 6 November 2019 (UTC)[reply]

Have you read Help:Two-factor_authentication?--Shanmugamp7 (talk) 12:08, 7 November 2019 (UTC)[reply]

2FA Tester for Christer1987

Status:    Done

I would like to enable 2FA for my account. I am well aware of the requirements esp. on recovery codes, thanks, --ChristerTalk 10:57, 7 November 2019 (UTC)[reply]

Done--Shanmugamp7 (talk) 12:07, 7 November 2019 (UTC)[reply]

Requests for other global permissions

Please be sure to follow the instructions below:
Your request might be rejected if you don't follow the instructions.
Instructions for making a request

Before requesting additional global permissions, make sure that:

  1. You are logged in on this wiki;
  2. No specific section on this page exists for the permission you want to request;
To request additional global permissions
Copy the template below to the bottom of this section and explain what kind of access you need and why. If needed, link to relevant discussions. If you hold, or have previously held, the right and are asking for either a renewal or revival of that right, please add a link to the previous discussion.
=== <Add requested permission here> for [[User:Foo|Foo]] ===
{{sr-request
 |status    = <!--don't change this line-->
 |domain    = global<!--don't change this line-->
 |user name = Username
 |discussion=
}}
<Add an explanation here>, thanks, --~~~~

The request will be approved if consensus to do so exists after a short period of consideration. A steward will review the request.

IP BLOCK

Bonjour, pourquoi ne puis-je plus modifier les articles de Wikipedia ? --Caspien06 (talk) 17:42, 31 October 2019 (UTC)[reply]

Analysant la situation je m'aperçois que j'utilise Avast Security line qui génère des IP aléatoires. Je viens de le débloquer temporairement et je constate que le phénomène de blocage par Wikipédia disparaît. Qu'en pensez-vous ?--Caspien06 (talk) 08:45, 1 November 2019 (UTC)[reply]
@Caspien06: S.V.P. faire un requête pour IPBE ici. Tu es bloqué parce que tu utilises un proxy pour éditer. Jon Kolbert (talk) 09:38, 3 November 2019 (UTC)[reply]

Global abuse filter helper for Nullzero

Status:    In progress

I just started working on a research project regarding correctness of abuse filters and the abuse filter language. My research has already discovered bugs in public filters and the filter language in the past week (1 2 3 4 5 6 7 8 9 10 11 12 13 14).

Being granted the role of global abuse filter helper would allow me to contribute and progress my research further. In particular:

  1. Fixing a bug or adding a feature could alter the semantics of existing filters in Wikimedia projects, including private filters to which I currently have no access. For that reason, the abusefilter-view-private right would be very helpful for me to make sure that any changes to the language will not break existing filters.
  2. Similarly, with the abusefilter-view-private right, I would be able to point out bugs in the private filters in addition to the public ones.
  3. Both abusefilter-view-private and abusefilter-log-private would allow me to obtain more data points to develop the research tool.

It is my hope that by the end of the project, I will produce an open-source tool to automate the (currently manual) bug finding process, and potentially integrate it back to the abuse filter extension.

Incidentally, I have been a sysop at Thai Wikipedia for 6 years, and contributed to various MediaWiki projects, including the abuse filter extension, several years ago.

Thanks, --Nullzero (talk) 00:58, 7 November 2019 (UTC)[reply]

See also

Cooperation requests for: comments (local) (global) · translation

Retrieved from "https://meta.wikimedia.org/w/index.php?title=Steward_requests/Global_permissions&oldid=19535137"