Wikimedia Security Team/Security Review Scrum/2019-09-17

Date/time: September 17th, 2019 - 10:00 AM PDT

Attending: Scott, Jennifer, Sam

Backlog

  • ^ Security readiness review for the MachineVision extension, unassigned https://phabricator.wikimedia.org/T227346
  • John to explore funding of 3rd party audits this quarter, stalled - https://phabricator.wikimedia.org/T155537, https://phabricator.wikimedia.org/T156960, https://phabricator.wikimedia.org/T148246, https://phabricator.wikimedia.org/T187846
  • Planet Wikimedia, unassigned https://phabricator.wikimedia.org/T207246
  • ^ Security Concept Review For client side error logging js client, unassigned https://phabricator.wikimedia.org/T232820

Active

  • Security Review for MediaWiki REST API, assigned to Sam, https://phabricator.wikimedia.org/T230140
  • Security review of Ex:DoubleWiki, in-progress - https://phabricator.wikimedia.org/T131199
  • ^ Parsoid-PHP, moved to active, Scott this week - https://phabricator.wikimedia.org/T227209
  • ^ Page Content Service route /page/mobile-html, Scott will post 9/17 - https://phabricator.wikimedia.org/T227114
  • Security review of WebAuthn library dependencies, in-progress - https://phabricator.wikimedia.org/T227244

Waiting

  • Labs db/sanitarium and maintain-views.yaml audits, assigned to James F, stalled - https://phabricator.wikimedia.org/T169097, https://phabricator.wikimedia.org/T103011

Frozen (delayed indefinitely)

  • Banner preview, stalled - https://phabricator.wikimedia.org/T230176
  • ^ Security review of preact 8.4.2, Scott did a very simple assessment, unassigned, stalled https://phabricator.wikimedia.org/T227726

Closing Soon / Closed

  • ^ Audiences growth team emails concept review, closed - https://phabricator.wikimedia.org/T220242