fishtest icon indicating copy to clipboard operation
fishtest copied to clipboard

Published 20 hours ago verified publisher icon glinscott

Limit fishtest wiki write permissions

Open Disservin opened this issue 3 years ago • 1 comments

Currently anyone can edit the fishtest wiki. Data and guides could easily be lost.

Change it under Settings -> General -> Features -> Wiki -> Restrict editing to collaborators

and invite people as collaborators that should be able to change the wiki, such as vondele who posts to Useful Data

Disservin avatar Sep 26 '22 09:09 Disservin

I think only the repo owner can set this. I have write permissions but I'm unable to change the settings

zungur avatar Oct 14 '22 01:10 zungur

But a lot of the people who edit the Wiki are not collaborators anyways.

XInTheDark avatar Oct 26 '22 11:10 XInTheDark

Please change this!! https://github.com/glinscott/fishtest/wiki/Building-Stockfish-on-Windows/_history and https://github.com/glinscott/fishtest/wiki/Build-cutechess-with-Qt5-static/_history

both had malicious links for 6 entire days!!

Disservin avatar Nov 19 '22 14:11 Disservin

And https://github.com/glinscott/fishtest/wiki/Advanced-topics

dav1312 avatar Nov 19 '22 14:11 dav1312

  1. Limit contributions to collaborators only
  2. Create a "team" of collaborators with read access only
  3. Based on the last link, "read" is the most minimal level of permission needed to edit the wiki
  4. New people will have to manually be added (and thus request access) to this team but it should prevent malicious edits in the future

Links below:

https://docs.github.com/en/communities/documenting-your-project-with-wikis/changing-access-permissions-for-wikis

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository#inviting-a-team-or-person

https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/repository-roles-for-an-organization#permissions-for-each-role

silversolver1 avatar Nov 19 '22 16:11 silversolver1

Unfortunately the above described links do not work for organizations, they would work for fishtest however. For the stockfish repository we created a new webhook so that we get a notification on discord whenever someone changes something in the wiki. This would be useful for fishtest as well but requires the registration of a new webhook in the settings.

Disservin avatar Dec 03 '22 16:12 Disservin

https://discord.com/channels/435943710472011776/825445240772755476/1049929539272331305

We now get updates in discord when someone changes the wiki in either stockfish or fishtest. This I will close this since any malicious activity should be spotted quite easily.

Disservin avatar Dec 07 '22 06:12 Disservin