On Tue, Sep 29, 2015 at 10:56 PM, Quim Gil <[email protected]> wrote:
> Hi, let me try to help with the tools I have at hand, even if I understand > that that is not the whole picture or the whole solution. > > On Wed, Sep 30, 2015 at 6:07 AM, Kevin Gorman <[email protected]> wrote: > >> what are apparently serious enough security problems (enough to call it a >> 'significant >> attack vector') > > > Are these problems reported as tasks in Phabricator? If so, please share > the links here. If not, reporting them is the first step. > He was getting that from me. Yes, there are quite a few of them in Phabricator plus lingering concerns because of previous issues that would desire a more complete security review. I'm happy to share them with you offlist tomorrow (they are all under security bugs and I would rather not share them on a list this public). I also just wanted to let people know that I'm still following this thread and will respond more fully tomorrow (I apologize for less response today then yesterday it's been a busy day with a couple fires to put out and I have to go to a late night meeting in a couple minutes). For a quick response to a couple of the previous emails however: I don't have any magic powers to get resources (I don't have near enough myself :-/ for the amount of work people want me to do) but I definitely want to ensure that those using the extension continue to have options and I know that Floor and others do too, this is in no way desired to be a secret behind closed door decision on what to do in terms of fixes/replacements etc. We're putting in these temp fixes because we believe it's the best move right now (my understanding was that the likely hood of fixing the holes or getting a replacement very quickly was small) but it's certainly not the end of the discussion. James Alexander Manager Trust & Safety Wikimedia Foundation (415) 839-6885 x6716 @jamesofur
_______________________________________________ Education mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/education
