I don't think the blacklist should be managed locally at all. This is just a recipe for ongoing SUL fragmentation. See bug 36939.

• Bug 38762 has been marked as a duplicate of this bug. ***

(In reply to comment #1)

I don't think the blacklist should be managed locally at all. This is just a
recipe for ongoing SUL fragmentation. See bug 36939.

I'm not sure bug 36939 is related to this bug.

This bug is about a bad user creating a "Jdoe (WMF)" account and using it to impersonate a Wikimedia Foundation staffer. As a response to this scenario, admins at Meta-Wiki have attempted to blacklist accounts ending in " (WMF)" and " (WMDE)", thinking that administrators/staffers will be able to override the title blacklist when creating new WMF or WMDE accounts. However, even if an administrator can create the account, the new and unprivileged WMF or WMDE account is going to always hit issues on other wikis where the global title blacklist applies, unless these accounts are explicitly given a global user group allowing them to override the global title blacklist.

As I understand it, that is what this bug is discussing. Yes, the local title blacklists probably need to be done away with for accounts (bug 36939), but that seems like a largely separate issue from what's being discussed here.

(In reply to comment #3)

(In reply to comment #1)

I don't think the blacklist should be managed locally at all. This is just a
recipe for ongoing SUL fragmentation. See bug 36939.

I'm not sure bug 36939 is related to this bug.

It's not alternative to it, but I'd say it depends on it, because whatever solution you come up with can only be global.

Change 196266 had a related patch set uploaded (by Glaisher):
Allow auto creations of global accounts in title blacklist

https://gerrit.wikimedia.org/r/196266

Change 196266 abandoned by Glaisher:
Allow auto creations of global accounts in title blacklist

Reason:
Hmm, yeah. Better to implement a <allowautocreate> tag or sth like that.

https://gerrit.wikimedia.org/r/196266

I'm not actually clear what's needed here. Today, if we globally re-blacklist .+ (WMF) and .+ (WMDE) accounts, then only privileged users will be able to create such accounts. If a user then has a "Foo (WMF)" account made for them by a privileged user and begins using this "Foo (WMF)" account, their accounts should be able to be auto-created on local wikis, correct? So this needs a... CentralAuth change?

I don't think this would be a CentralAuth change (unless all autocreations are by CentralAuth). Proper way to do this would be to introduce a new tag to TitleBlacklist which would allow autocreations even when blacklisted (i.e., what the task description asks for).

Change 223717 had a related patch set uploaded (by Legoktm):
Add config option to disable blocking auto account creations

https://gerrit.wikimedia.org/r/223717

Change 223717 merged by jenkins-bot:
Add config option to disable blocking auto account creations

https://gerrit.wikimedia.org/r/223717

The $wgTitleBlacklistBlockAutoAccountCreation setting can now be used to disable the filtering of autocreation.