[16:44:13] <Krinkle>	 There is quite a lot of "Use of PasswordPolicyChecks::checkPopularPasswordBlacklist was deprecated in MediaWiki 1.33" in production logs. Perhaps it was hard-deprecated too early?
[16:44:17] <Krinkle>	 (per deprecation policy)
[16:44:21] <Krinkle>	 https://logstash.wikimedia.org/app/kibana#/dashboard/mediawiki-deprecated
[16:47:57] <Reedy>	 Krinkle: I'm happy enough if someone wants to partially revert https://github.com/wikimedia/mediawiki/commit/0d3807c510762187f6364f22a3d1c78fab8f51d8
[16:48:13] <Reedy>	 We do need to strip it out of mw-config/disable it for sure
[16:49:05] <Krinkle>	 Reedy: aye, yeah, hard-deprecated but used it prod is likely to cause someone to accidentally delete it after 1 release cycle (ergo, now)
[16:49:19] <Krinkle>	 If it's just line instance in wmf-config, then maybe fixing that would be easy enough
[16:49:46] <Reedy>	 it's a bit of a mess in CS
[16:49:47] <Reedy>	 			// hack; PasswordNotInLargeBlacklist obsoletes PasswordCannotBePopular but maxOfPolicies can't handle that
[16:49:47] <Reedy>	 			if ( $effectivePolicy['PasswordNotInLargeBlacklist'] ?? false ) {
[16:49:47] <Reedy>	 				$effectivePolicy['PasswordCannotBePopular'] = 0;
[16:49:47] <Reedy>	 			}
[16:50:35] <Krinkle>	 OK, well if it's non-trivial, I'd say lets undo hard deprecation and file a task for better documenting how to migrate and tag for 1.35 preliminarily
[16:50:49] <Reedy>	 It's not enabled by default in MW core...
[16:50:50] <Reedy>	 $wgPasswordPolicy['policies']['default']['PasswordCannotBePopular'] = [
[16:50:50] <Reedy>	 	'value' => 100,
[16:50:50] <Reedy>	 	'suggestChangeOnLogin' => true,
[16:50:50] <Reedy>	 ];
[16:50:55] <Reedy>	 But we do have that
[16:51:23] <Reedy>	 I guess because we haven't decided to roll it out further... for $reasons
[16:51:39] <Reedy>	 Let me create a partial revert
[16:54:27] <Reedy>	 https://gerrit.wikimedia.org/r/532745
[16:55:22] <Reedy>	 Was it community tech working on improving/changing the password policies on wiki?
[16:56:34] <Reedy>	 Krinkle: Part of me says just remove the setting of the policy... Because blocking 100 "common" passwords adds minimal, if not zero additional security
[16:58:12] <Reedy>	 When really, we should just be enabling PasswordNotInLargeBlacklist for everyone IMHO... But that's somewhat of a breaking change
[17:00:47] <Reedy>	 https://phabricator.wikimedia.org/T231360 filed for removing from prod
[17:00:54] * Reedy looks to find the community-tech tasks on this issue
[17:03:50] <Reedy>	 Looks like the patch on https://phabricator.wikimedia.org/T151425 from James_F fixes this too...
[17:05:05] <James_F>	 Yeah, that's waiting for the product owner for AHT to get back to me… who's now changed. I should talk to Niharika when she's back in the office. :-)
[17:07:42] <Reedy>	 I just left a comment on the ticket pinging her
[17:08:05] <Reedy>	 If it didn't have an actual owner, I'd be happy to JFDI
[17:08:14] <Reedy>	 But I imagine we probably want some comms support for this too
[17:08:19] <James_F>	 Yes.
[17:08:21] <Reedy>	 ie get it in Tech News that "CHANGE IS COMING"
[17:08:44] <James_F>	 You missed out the obligate 😱s.
[17:10:05] <Reedy>	 heh
[17:14:56] <James_F>	 Anyone know WTF "No method matcher is set" errors mean? I'm looking to merge https://gerrit.wikimedia.org/r/c/mediawiki/core/+/532744 as a train blocker and it's failing with that.
[17:27:19] <Reedy>	 https://github.com/sebastianbergmann/phpunit-mock-objects/blob/master/src/Matcher.php#L133
[17:27:29] <Reedy>	 Looks like a mock might not be setup correctly
[17:29:28] <James_F>	 Right.
[17:29:40] <James_F>	 Aryeh's helping me not need the revert, in the end.