[15:14:41] <euouae>	 Hello I'm trying to upgrade from v1.22.6 to v1.23.17
[15:15:18] <euouae>	 When I'm trying to complete the upgrade under mw-config/ with a browser, I'm getting "PHP Fatal error:  Class 'Database' not found in /var/www/html/w/includes/installer/PostgresInstaller.php on line 161, referer: http://localhost:8080/w/mw-config/?page=ExistingWiki" in the apache2 error log
[15:19:38] <Reedy>	 Why are you upgrading to 1.23.17?
[15:20:07] <euouae>	 Reedy: I have this graph <https://gist.githubusercontent.com/createyourpersonalaccount/575ac169d0267d02121d09cce8753ca7/raw/76b162714407d784183db1ec69c8005f5415fe25/mw-upgrade.svg> of potential upgrade paths
[15:20:28] <Reedy>	 I'd honestly just try and go directly to 1.35
[15:20:30] <euouae>	 I chose the latest version of each LTS version.
[15:20:52] <euouae>	 OK, you think that's a better idea? I will try.
[15:20:59] <Reedy>	 We obviously don't support, don't have CI etc for making modifications to these ancient versions
[15:21:19] <Reedy>	 Time and effort into trying to fix weird (possibly autoloader?) bugs in ancient versions of MW... :)
[15:21:40] <euouae>	 it'd be a waste of time too hehe... I'm just needing direction
[15:21:48] <euouae>	 and yeah you're right I'll try the most direct upgrade to 1.35 
[15:22:18] <Reedy>	 1.35 should happily upgrade to like before MW 1.5
[15:22:29] <Reedy>	 1.2.. probably?
[15:22:38] <Reedy>	 1.39 only does from 1.35 etc
[15:22:46] <euouae>	 yup it's noted in my graph, did you see it?
[15:23:06] * euouae spent so much time preparing for this MW upgrade but maybe he should've just upgraded immediately to 1.35
[15:23:08] <Reedy>	 Considering I've been the person making MW releases for most of the last... 10+ years
[15:23:13] <Reedy>	 Yes, I think I have some idea of upgrade paths :P
[15:23:22] <euouae>	 ooh 
[15:23:44] <euouae>	 I'm just messing around with this, a friend asked me to help and I'm overengineering it, like I always do
[15:24:02] <Reedy>	 I will admit that the postgres side is probably less well tested than the mysql side
[15:24:32] <Reedy>	 Sorry, I actually tell a lie... 1.39 will do from 1.31 :P
[15:25:05] <Reedy>	 As long as you've got backups... You're in a reasonable position to be doing bigger jumps
[15:26:50] <euouae>	 yeah I am working on a backup 
[15:27:03] <euouae>	 I'll try to work forwards then, first 1.35 and then 1.31 if that fails
[15:27:52] <euouae>	 thank you for the help!
[16:56:14] <euouae>	 Reedy: I was just checking the signature on 1.35 and I saw that you're the signee. Just one tiny comment, maybe you want to update your master key because DSA1024 is obsolete 
[16:56:24] <Reedy>	 Mmm
[16:56:32] <euouae>	 With around 80bits of strength you can get it cracked with a few thousand dollars I think
[16:56:38] <Reedy>	 But in the grand scheme of things, if someone can get tarballs onto the right server...
[16:56:41] <Reedy>	 We've got bigger issues :)
[16:56:58] <euouae>	 You could be impersonated
[16:57:31] <Reedy>	 I'm known to have doppelgangers
[16:57:33] <euouae>	 Well think about it, it's not an urgent thing. Just something to keep in mind...
[16:57:43] <Reedy>	 There's been a task for it for a while
[16:57:50] <Reedy>	 It's definitely a "yes, but..."
[16:58:01] <euouae>	 what's holding you back? the gpg difficulty?
[16:58:09] <Reedy>	 laziness, but yeah
[16:58:14] <Reedy>	 GPG stuff is... a mess
[16:58:24] <euouae>	 I agree it's hard
[16:58:28] <Reedy>	 If we had a habit of hosting MW releases on random servers, linking them etc.. Compromising mailman and sending out an unofficial email would be doable
[16:58:51] <euouae>	 well I'll explain some issues 
[16:59:06] <kjetilho>	 upgrading from DSA1024 is particularily annoying since cross-signing your new key would be counter-productive
[16:59:22] <kjetilho>	 but I agree it needs to be done
[16:59:28] <Reedy>	 It's been a little while since I tried... But last time I was trying to pull down the "signatures" of my key etc
[16:59:32] <Reedy>	 It was all just so broken I gave up
[16:59:43] <euouae>	 I can try to write a small tutorial on how to do it 
[16:59:48] <kjetilho>	 yeah, the keyserver abuses really broke a lot
[16:59:49] <euouae>	 with all the relevant commands 
[17:00:06] <Reedy>	 When I work out if I'm going to FOSDEM... Or meeting up with the WMF SRE's in February after that..
[17:00:15] <euouae>	 Are you using hardware keys? 
[17:00:17] <Reedy>	 I should almost certainly prepare a key before then, and get it properly signed by others
[17:00:23] <Reedy>	 *prepare a new key
[17:00:28] <euouae>	 Or are you keeping your gpg info on your computer
[17:00:41] <euouae>	 Because if you're using hardware keys there's some additional steps to take 
[17:00:55] <euouae>	 oh wow fosdem is coming up soon
[17:00:59] <euouae>	 I've never gone to one
[17:01:20] <Reedy>	 It comes up every year (well, bar COVID ;))
[17:01:31] <euouae>	 dang in Belgium? hmm... 
[17:01:40] <Reedy>	 Yeah, same location etc
[17:01:42] <kjetilho>	 soon?!  well, everything is relative.  the next one is closer than the previous one...
[17:02:06] <euouae>	 kjetilho: for me, things are always coming up soon, since I'm very disorganized :) 
[17:08:11] <euouae>	 but it's not entirely true that cross-signing is counter productive; not any more than using the current key is counter productive... 
[17:08:52] <Reedy>	 My current key is also signed by various people.. who I have nfi who they are etc
[17:09:29] <euouae>	 it won't prevent the danger of it being cracked
[17:10:02] <euouae>	 well OK you don't have to believe me :P I'm not a cryptographer. I know cryptography though... 
[17:10:15] <euouae>	 I'll write you that tutorial and you can make the decision from there 
[17:10:24] <Reedy>	 As above, it's mostly just laziness
[17:10:39] <Reedy>	 It does need doing, yes
[17:10:50] <euouae>	 I totally relate, I rotate (or just update expiry) my keys every year partly to keep myself in some shape but every time I hate it
[17:11:16] <Reedy>	 And to actually exploit it in terms of MW releases.. You would need to obtain an SSH key of a limited group of users etc
[17:11:26] <Reedy>	 We're a bit more strict on what keys we allow over there
[17:12:45] <euouae>	 it depends on where the trust is being placed 
[17:13:15] <Reedy>	 And if you had access to one of those keys, you'd have access to update the key list we publish... :D
[17:13:26] <Reedy>	 So you could just add your own key to the list in some form
[17:13:58] <Reedy>	 I think there was a discussion somewhere about using something else for signing
[17:14:20] <euouae>	 that's the public key distribution problem. In strict settings the public keys are transmitted "out of band" meaning some other trusted channel 
[17:14:27] <Reedy>	 https://phabricator.wikimedia.org/T366566 is the weak key
[17:14:48] <euouae>	 In this case however you'd be likely to eventually find out that keys.txt is manipulated because people know who's who. Versus cracking your private key... that's more insidious
[17:15:06] <Reedy>	 Not even eventually
[17:15:09] <Reedy>	 It's version controlled
[17:15:31] <Reedy>	 So it would need to be committed... or a divergence in the git repo etc would be noticed
[17:15:42] <euouae>	 ok I'll drop it 
[17:15:43] <euouae>	 I know you'
[17:15:48] <euouae>	 you're averse to the idea :P so forget about it 
[17:16:11] <euouae>	 I don't like going back and forth about security issues since I'm neither trying to penetrate a place nor secure it... it's a lot of philosophy 
[17:16:36] <euouae>	 I conserve my philosophy white matter for other issues 
[17:18:23] <euouae>	 "Access Denied: Restricted Task" btw on that phabricator task -- but that's fine 
[17:19:04] <euouae>	 I need to go, have a good one
[17:58:15] <Cocopuff2018>	 so centrelauth keeps logging out users what do I set to prevent that from happening 
[18:20:07] <Felenov>	 Quote: 04If its only happening to one user, you need to investigate why its happening, there isn't a magic switch to stop it
[18:22:56] <Cocopuff2018>	 there is nothing I can find that is a hint to why its happening 
[18:23:06] <Cocopuff2018>	 it happens to multiple actually 
[18:27:40] <AntiComposite>	 to quote from the giant red warning box on Extension:CentralAuth : "If you end up using this extension on a third-party wiki, it is likely that you will end up having to troubleshoot complex issues that potentially require diving into the source code to resolve. **You have been warned.**"
[18:28:56] <Felenov>	 After seeing some of cocopuff's work, it's safe to assume to root cause of the issue is probably not in the extension but elsewhere.
[18:29:31] <AntiComposite>	 we can try to help you, but we can't troubleshoot it for you. you'll need to do that yourself. based on your messages over the past few days, it sounds like you're trying to use CentralAuth in an unusual manner or trying to use only some parts of it. This is extremely not supported.
[18:36:26] <awoo>	 note that "try to help you" in this case does *not* mean "spoon-feed you answers." You need to put in the effort to actually *understand* what it is you're doing and where things might be going wrong. You've been banned from a lot of places (including this very channel for a while) for expecting others to devote lots of time and effort into helping you while you give nothing back in return.
[18:38:40] <Felenov>	 He's got a long history with Miraheze as well. A case of [[WP:CIR]]
[18:38:42] <awoo>	 (as a corollary, if you have been putting in that effort and are still clueless, perhaps you need to step away from IT and find a new hobby)
[18:53:50] <Cocopuff2018>	 I deny ur accusion @elenov
[18:54:41] <RhinosF1>	 I concur with awoo
[20:13:57] <Eytirth>	 I think I am not great at fixing my wiki's tech issues either
[20:16:12] <Eytirth>	 I think coco is maybe out of their depth and should start with more basic stuff
[20:18:10] <RhinosF1>	 Cocopuff has only been around 4.5 years
[20:23:57] <awoo>	 to get this conversation back into more productive territory, what Cocopuff2018 should be doing here is researching information on why people are being suddenly logged out. There are multiple pages on mediawiki.org on the topic. He should then go through the troubleshooting steps outlined to determine more information, and be prepared to also dig into the CentralAuth code itself to try to understand how that makes session handling different from 
[20:23:58] <awoo>	 normal wiki installs
[20:25:24] <awoo>	 if there are very specific questions rather than basic knowledge questions, that could be a candidate for asking here, but a critical point is that you need to actually learn from and remember these answers. And not just come back 2 months later with the exact same question, like you usually do
[20:25:31] <Eytirth>	 I mean, if I made a wiki farm, I would of used a shared database 
[20:25:57] <Eytirth>	 And do I come back with the same qestion?
[20:26:03] <awoo>	 no, that was at Cocopuff
[20:26:44] <awoo>	 he's asked questions, gotten answers, gotten the wiki to work, and then seemingly completely forgot everything about it and ran into the same problems again months later and flounders at square 1
[20:26:48] <Eytirth>	 Honistly, I thought you could make a wiki farm witha shared database for single sign on
[20:27:11] <awoo>	 (but yeah the real trouble is using CentralAuth. please don't use CentralAuth on a new farm, go for shared user db)
[20:27:53] <Eytirth>	 I am bored enough that I may have to try my hand at making a shared user DB pair of wikis
[20:28:17] <awoo>	 shared user db doesn't solve SSO, but it solves a lot of other problems
[20:29:16] <awoo>	 SSO across multiple domains is going to be challenging regardless of how your user db is structured
[20:30:37] <Eytirth>	 Even a shared DB where you sign on for each wiki seems less of a plain then CentralAuth
[20:34:13] <Eytirth>	 Why would someone even bother with CentralAuth for a new farm? Seems a big waste of timer