Wikimedia Security Team/Security Review Planning/2022-04-05

Minutes for the Security Team's Q4 2022 (April to June) quarterly planning session

Attending: MStyles, SBassett, MMartorana

Completed Reviews, Previous Quarter

  1. Abs Wiki Function Orchestrator (Mstyles) (https://phabricator.wikimedia.org/T289322#7621518)
  2. Developer Portal static site tools (Mstyles) (https://phabricator.wikimedia.org/T297167#7776403)
  3. Abs Wiki WikiLambda Extension (MMartorana) (https://phabricator.wikimedia.org/T289322#7623085)
  4. WikiSEO Extension (MMartorana) (https://phabricator.wikimedia.org/T295065#7825096)
  5. Abs Wiki Function Evaluator (SBassett) (https://phabricator.wikimedia.org/T289322#7684639)
  6. Wikipedia Birthday Buddies JS lib (SBassett) (https://phabricator.wikimedia.org/T297816#7621649)
  7. Re-review of IP Info (SBassett) (https://phabricator.wikimedia.org/T260822#7754242)

Reviews That Need Follow-Up This Quarter

  1. Trusted GitLab Runners (likely out of scope) (https://phabricator.wikimedia.org/T304514)
  2. OIT LDAP (verify takedown at end of quarter) (https://phabricator.wikimedia.org/T155537)
  3. Wikispeech (re-evaluation and re-prioritization) (https://phabricator.wikimedia.org/T180021)

Accepted Reviews To Complete This Quarter

  1. Wikistories extension (SBassett) (https://phabricator.wikimedia.org/T301389)
  2. Abs Wiki Function Schemata (SBassett) (https://phabricator.wikimedia.org/T302472)
  3. Codex component library (MMartorana)(https://phabricator.wikimedia.org/T302772)
  4. Image Suggestions Service (MMartorana) (https://phabricator.wikimedia.org/T304885)
  5. SimilarUsers extension (Mstyles) (https://phabricator.wikimedia.org/T304631)
  6. Campaigns Registration System (Mstyles) (https://phabricator.wikimedia.org/T290248)

Updates Made For Other Review Tasks

  1. Mailman3 (still a soft decline, vendor?) (https://phabricator.wikimedia.org/T289899#7403112)
  2. Design of Toolforge Kubernetes (officially declined, pentest of wmcs) (https://phabricator.wikimedia.org/T245205)