[13:32:47] [[Tech]]; 136.228.56.130; [none]; https://meta.wikimedia.org/w/index.php?diff=22418824&oldid=22417292&rcid=20843717
[13:33:03] [[Tech]]; NguoiDungKhongDinhDanh; Undid edits by [[Special:Contribs/136.228.56.130|136.228.56.130]] ([[User talk:136.228.56.130|talk]]) to last version by ArchiverBot; https://meta.wikimedia.org/w/index.php?diff=22418825&oldid=22418824&rcid=20843718
[13:33:22] [[Tech]]; 136.228.56.130; [none]; https://meta.wikimedia.org/w/index.php?diff=22418826&oldid=22418825&rcid=20843722
[13:33:28] [[Tech]]; Stang; Reverted changes by [[Special:Contributions/136.228.56.130|136.228.56.130]] ([[User talk:136.228.56.130|talk]]) to last version by NguoiDungKhongDinhDanh; https://meta.wikimedia.org/w/index.php?diff=22418827&oldid=22418826&rcid=20843723
[14:29:28] [[Tech]]; WeeJeeVee; /* Dutch Wikisource has a problem */ new section; https://meta.wikimedia.org/w/index.php?diff=22418998&oldid=22418827&rcid=20844243
[15:21:09] [[Tech]]; Base; /* Dutch Wikisource has a problem */; https://meta.wikimedia.org/w/index.php?diff=22419221&oldid=22418998&rcid=20844583
[17:52:46] [[Tech]]; Marcin9374; /* Leave feel pressing on body */ new section; https://meta.wikimedia.org/w/index.php?diff=22419762&oldid=22419221&rcid=20845503
[17:53:29] [[Tech]]; AntiCompositeNumber; Reverted 1 edit by [[Special:Contributions/Marcin9374|Marcin9374]] ([[User talk:Marcin9374|talk]]): Off topic (TwinkleGlobal); https://meta.wikimedia.org/w/index.php?diff=22419764&oldid=22419762&rcid=20845506
[18:24:03] The security issue was unfortunate but I'm not sure what could've been done differently. I think our practice of disclosing (invalid) security issues is a good one, and I wouldn't want to see that go away just to avoid the exceptional case where we misunderstood the report.
[18:42:28] Definitely, I don't think there is really anything that can be done to prevent something like that happening. It's just really surprising that no one looked at the screenshot and realized that there was HTML in the captions, even if there wasn't any JavaScript being executed. And as AntiComposite said, it could have been that everyone was focused on the page itself and didn't click the more languages button under the captions.
[20:27:57] I think it's worth also acknowledging potential biases here—speaking for myself, I think I definitely was leaning towards "correctly marked invalid" as a result of the poor English. While obviously I can't speak for the people involved in the ticket, I'm sure it's potentially a factor as well.
[20:28:59] It was also even the other day when I was messaging someone here about the "beg bounty" trope/stereotype, which I assumed this more-or-less was: https://www.troyhunt.com/beg-bounties/
[21:48:42] The other point is... The reporter didn't come back and go "but do this, you missed it"
[21:49:17] Sure, there was a bug or two in there... But if the report is poor, it's not actionable
[21:49:39] I think bawolff's comment is pretty succinct. If they don't provide a proper reproducible report...
[21:51:47] Suddenly reappearing after the further action on the bug report is odd
[21:55:03] I think the default setting on phab is that you get an email when a comment is written on a task that you are subscribed to.
[21:55:06] I assume they suddenly reappeared in response to the email they would've gotten from Dylsss's comment
[21:55:09] * merryprog nods
[22:16:34] Sure, but they didn't when it was closed originally
[23:54:07] they probably missed it, so are things