Re: [Wikitech-l] RFC: Add Content-Security-Policy header to MediaWiki

2016-05-22 Pine W
With the disclaimer that I'm not a security engineer and that I understand only parts of this proposal, in general this strikes me as a good idea. It seems to me that trying to develop a comprehensive list of what tools / scripts this proposal would likely break, how important those breaks are,

[Wikitech-l] ArchCom-RFC status update: 2016-W20

2016-05-22 Rob Lanphier
Hi everyone, Here's the ArchCom RFC status update for 2016-W20 [1], which is also available via mw:Architecture_committee/Status [2] = Recent RFC meetings = * ArchCom Planning meeting 2016W20: 2016-05-18: [[Phab:E183]] (E156/7) ** Notes: [[Architecture committee/2016-05-18]] *

[Wikitech-l] RFC: Add Content-Security-Policy header to MediaWiki

2016-05-22 Brian Wolff
So the RFC process page says I should email wikitech-l to propose an RFC, thus: Content-Security-Policy (CSP) header is a header that disables certain JavaScript features that are commonly used to exploit XSS attacks, in order to mitigate the risks of XSS. I think we could massively benefit from

[Wikitech-l] [MediaWiki-announce] Security Release: 1.26.3, 1.25.6, and 1.23.14

2016-05-22 Chad
I would like to announce the release of MediaWiki 1.26.3, 1.25.6 and 1.23.14. These releases fix sixteen security issues in core, one issue in the bundled extension SyntaxHighlight_GeSHi and one issue in the non-bundled extension Scribunto. Download links are given at the end of this email. ==

Re: [Wikitech-l] update: wikipedia.org portal

2016-05-22 MZMcBride
rupert THURNER wrote: >ah, interesting. moving this to git sounds ok to me from a technical >viewpoint. i read >https://www.mediawiki.org/wiki/Wikipedia.org_Portal/Migration_to_gerrit. >despite that i am not clear how the current portal maintainers would >then activate a proposal e.g. from the

[Wikitech-l] Discovery Weekly Update for the week starting 2016-05-16

2016-05-22 Chris Koerner
Hi, Here is this week's update from the Discovery department. * A Wikipedia.org survey was run from May 10 - 17, 2016 to determine how visitors arrived at the portal page. Survey results here. [1] * A Wikipedia.org production release was done on May 18, 2016 which added descriptive text to the

Re: [Wikitech-l] update: wikipedia.org portal

2016-05-22 rupert THURNER
MZMcBride wrote: > rupert THURNER wrote: >>quim, i would not be angry if you would show a little bit more empathy >>towards a client, a volunteer. if mzmcbride is right and there is a >>well established procedure to change this page which was not followed, >>the person not following might read the