Wikimedia Security Team/Security Review Scrum/2019-09-10
Date/time: September 10th, 2019 - 10:00 AM PDT
Attending: Scott, Jennifer, Sam
Backlog
- Security readiness review for the MachineVision extension, https://phabricator.wikimedia.org/T227346
- John to explore funding of 3rd party audits this quarter, stalled - https://phabricator.wikimedia.org/T155537, https://phabricator.wikimedia.org/T156960, https://phabricator.wikimedia.org/T148246, https://phabricator.wikimedia.org/T187846
- Planet Wikimedia, https://phabricator.wikimedia.org/T207246
Active
- Security Review for MediaWiki REST API, assigned to Sam, https://phabricator.wikimedia.org/T230140
- Security review of Ex:DoubleWiki, in-progress - https://phabricator.wikimedia.org/T131199
- Parsoid-PHP, moved to active, additional review by Sam, in-progress - https://phabricator.wikimedia.org/T227209
- Security review of preact 8.4.2, Scott did a very simple assessment, unassigned, stalled https://phabricator.wikimedia.org/T227726
- Page Content Service route /page/mobile-html, starting - https://phabricator.wikimedia.org/T227114
- Security review of WebAuthn library dependancies, in-progress - https://phabricator.wikimedia.org/T227244
Waiting
- Labs db/sanitarium and maintain-views.yaml audits, assigned to James F, stalled - https://phabricator.wikimedia.org/T169097, https://phabricator.wikimedia.org/T103011
Frozen (delayed indefinitely)
- Audiences growth team emails concept review, stalled - Jen contacted to close - https://phabricator.wikimedia.org/T220242
- Banner preview, stalled - https://phabricator.wikimedia.org/T230176
Closing Soon / Closed