Wikimedia Security Team/AppSec Clinic Minutes/2024-12-09

Date: 2024-12-09

Dashboard: https://phabricator.wikimedia.org/portal/view/3/

Attending: SBassett_(WMF), MMartorana_(WMF), MStyles_(WMF), JLy-WMF

Previous Tasks

  1. MMartorana_(WMF)
    1. T380014 - Jimmy onboarding, stat kerberos then done
    2. T381033 - Still investigating
  2. MStyles_(WMF)
    1. T367677 - 3D upgrade, waiting on reviewers
  3. SBassett_(WMF)
    1. T364776 - waiting, possibly investigate self based upon Aaron's advice
    2. T380322 - rated low-risk, possibly remove
  4. JLy-WMF
  5. ACooper-WMF
  6. Reedy
    1. T373933 - Seems in-progress?
    2. T375537 - processed, Reedy to be working on it?
    3. T376563 - Publish public "Rules of Engagement" for security researchers and people reporting security vulnerabilities
    4. T379176 - moved to watching, assigned to Reedy

New Phabricator Tasks Reviewed

  1. T381753 - Assigned to MMartorana_(WMF), untag, recommend pushing to gerrit, add to supplemental
  2. T380392 - Untagged, suggested contacting Legal
  3. T381430 - Assigned to MStyles_(WMF)
  4. T381442 - Follow task
  5. T381462 - Assigned to SBassett_(WMF)
  6. T381522 - Assigned to MMartorana_(WMF)
  7. T381617 - Assigned to SBassett_(WMF)
  8. T381625 - Assigned to JLy-WMF for review
  9. T381769 - Assigned to MStyles_(WMF) for triage

Additional Notes

  1. JLy-WMF suggested we use this meeting to try to address items from the #Security backlog. This was agreed to be a good idea, so next week we will start to triage 3 to 5 old #Security items per meeting, with the primary goal of declining/invalidating them (likely many could be), merging them into newer, similar tasks, or triaging them and trying to find ownership if they are still relevant. This process will be created and documented at the next AppSec clinic.