Store a real revision for large grace period edits

(Sam Saffron) #1

I think a very awesome change would be to calculate “amount of diff” prior to deciding if an edit requires storage of a real revision or not.

If you changed 5 letters in a post, sure it can be a “grace period” edit with no revision stored. If you deleted 10 paragraphs it should never be considered a “grace period edit” and a revision should be stored.

I suggest:

grace_period_edits_max_chars_changed default to: 30

Any larger changes deserve to be tracked anyway and can be vectors for abuse, so this would be a great change on 2 levels.

  1. It protects end users from “mistake” nuking own post with a ninja edit (cause a revision will be stored)

  2. It protects the community from “bad actors” that abuse ninja edits and starts surfacing them.

Can not think of any downsides really.

Delay after editing a post due to Cloudflare
(Jeff Atwood) #2

I would wait to see how often this happens again… because I think there is significant risk in what you are describing. I don’t want to do a knee-jerk “bad thing happened once, therefore radical change” response on this.

As for abuse, that will be handled by TL0 not getting ANY grace period on edits.

(Sam Saffron) #3

This is the exact vector a lot of TL0 spam entered the system, so there is tons of precedent there, though we protect otherwise.

(Jeff Atwood) #4

Like I said

So that is a non issue at the moment. I am the type of poster who makes a LOT of grace period edits, so your proposed change to save yourself one mistake one time, would really screw me over.

(Sam Saffron) #5

Until spambots figure out how to get to TL1… it will happen I can guarentee that.

Not rushing to fix this, but I can not think of any downsides.

(Jeff Atwood) #6

As someone who makes extensive grace period edits on the regular, I can think of many ways your heuristic would screw me over.

(Mittineague) #7

I also make a lot of grace period edits and I wouldn’t want to be prevented from making them.

On the other hand, I could live with a type of “really want to make major changes?” educational/confirm modal.

(Sam Saffron) #8

Oh this is completely misreading my feature request here. And I think @codinghorror also misread it.

I don’t want to stop edits in these cases.

All I want is to create a proper revision in the post_revisions table for any large edits made.

(Jeff Atwood) #9

Ohhhh aha my bad, I indeed misunderstood. Carry on then, apologies!

(Dje4321) #10

Sounds like a good idea though i do think the default limit of 30 might be a bit high. 30 characters could completely change the meaning or point of a post with no edit history. Why not something closer to 10-15? that would allow room for the occasional missed word or bad spelling without much room for post changing edits

(Matt Palmer) #11

You can change the meaning of a post with a three character change. This isn’t about highlighting “change of meaning”, it’s to prevent accidents and abuse.

(Dje4321) #12

Thats fair but i still feel like 30 characters is too much.

(Matt Palmer) #13

This is why site settings exist.

(Sam Saffron) #14

This is now in place with:

Implementation is quite complete which means you can not sneak in GIANT edits with no revisions by sneaking in lots and lots of small edits.

@codinghorror I feel given this change we are protected from a certain ugly vector of spam abuse cause we now have proper auditing.

I think we can drop “Disable edit grace period for TL0 users by default” from the release … with this change it is no longer really needed.

Discourse Version 2.0
(Jeff Atwood) #15

Hmm, I am not sure I am totally comfortable with that, but I guess we can give it a try and see?

Wait, 20 characters? that’s way too small of a default. I could quickly add one sentence and that would trigger…

(Sam Saffron) #16

I am not married to 20 chars, just feel that in general it is enough. I would like to deploy to BBS and look at the resulting revisions 24h later. If you want to push it to 30 or 40 we can.

(Jeff Atwood) #17

20 chars is wayyyy low, I set it to 100, let’s start with that. Even that might be too small.

(Joshua Rosenfeld) #18

Wait…if we’re increasing this setting to 100 (or even more) I think we still need the Disable edit grace period for TL0 users by default feature. 100 characters is plenty of room for a user to turn a valid post into spam, add an inappropriate image, etc. without triggering an edit log.

(Sam Saffron) #19

In theory, absolutely, even 20 chars can be enough to insert a bad url. In practice though this is not what we observed.

I think we can wait and see with this change.

There is always the atomic, min trust to edit post = 10 which can work around any community being spammed.

EDIT I triggered a revision under new rules here

(Richard - #20

I thought that was just me!!! Yes… I’m not alone.