sbassett closed this task as "Resolved".
sbassett claimed this task.
TASK DETAIL
https://phabricator.wikimedia.org/T356764
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: ArthurTaylor, sbassett, gerritbot, Michael
sbassett reassigned this task from sbassett to Lucas_Werkmeister_WMDE.
TASK DETAIL
https://phabricator.wikimedia.org/T356764
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucas_Werkmeister_WMDE, sbassett
Cc: ArthurTaylor, sbassett, gerritbot
sbassett added a comment.
In T356764#9701739 <https://phabricator.wikimedia.org/T356764#9701739>,
@Lucas_Werkmeister_WMDE wrote:
> I think we can make this task public now? As far as I understand, the
release happened and T353904 only remains open because the CVEs haven’t been
sbassett removed a project: Patch-For-Review.
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
TASK DETAIL
https://phabricator.wikimedi
sbassett triaged this task as "Low" priority.
sbassett added a project: Tools.
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett ch
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low.
TASK DETAIL
https://phabricator.wikimedi
sbassett removed a project: Patch-For-Review.
TASK DETAIL
https://phabricator.wikimedia.org/T357101
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucas_Werkmeister_WMDE, sbassett
Cc: Lydia_Pintscher, gerritbot, jnuche, Mstyles, sbassett, mmartorana
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low.
TASK DETAIL
https://phabricator.wikimedi
sbassett moved this task from Incoming to Watching on the Security-Team board.
sbassett added a project: SecTeam-Processed.
TASK DETAIL
https://phabricator.wikimedia.org/T352877
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
TASK DETAIL
https://phabricator.wikimedia.org/T352877
EMAIL PREFERENCES
https://
sbassett added a comment.
Yes, it can be made public soon. We've been waiting on Mitre to get us the
CVEs for the next supplemental security release (T340874) (where this issue is
included) and we just got those at the end of last week. So the supplemental
security release should come out
sbassett added a comment.
In T340201#9213154 <https://phabricator.wikimedia.org/T340201#9213154>,
@Reedy wrote:
> I'm curious how we can track issues found by this...
>
> Just xref this task in the description?
We could subtask them under this task. Or sure, cros
sbassett added a comment.
In T332953#8769056 <https://phabricator.wikimedia.org/T332953#8769056>,
@thcipriani wrote:
> - Tricky part: recreate mediawiki-i18n-check, only run on changes from
l10nbot/localization (may/likely to require changes to GitLab client code, too)
T
sbassett updated the task description.
TASK DETAIL
https://phabricator.wikimedia.org/T332953
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: bking, bd808, Ladsgroup, Krinkle, Legoktm, tstarling, Physikerwelt,
dcausse, Jdrewniak, taavi
sbassett added a comment.
In T329121#8636168 <https://phabricator.wikimedia.org/T329121#8636168>,
@Michael wrote:
> That being said, the query builder is just static files. It could
potentially just run on their page natively, maybe needs a few changes and a
bit of documenta
sbassett moved this task from Incoming to In Progress on the Security-Team
board.
sbassett added a project: SecTeam-Processed.
TASK DETAIL
https://phabricator.wikimedia.org/T329121
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https
sbassett added a comment.
In T329121#8620995 <https://phabricator.wikimedia.org/T329121#8620995>,
@ItamarWMDE wrote:
> Unfortunately, it seems like we cannot do this as these headers were
requested by the WMF security team it seems. In addition, this might expose us
to s
sbassett removed a project: Patch-For-Review.
TASK DETAIL
https://phabricator.wikimedia.org/T323592
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Mstyles, sbassett
Cc: Mstyles, sbassett, Jdforrester-WMF, WMDE-leszek, Michael, Aklapper
sbassett changed Risk Rating from N/A to Low.
TASK DETAIL
https://phabricator.wikimedia.org/T321318
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: sbassett, Jakob_WMDE, WMDE-leszek, Aklapper, Lucas_Werkmeister_WMDE,
Astuthiodit_1
sbassett added a comment.
In T321318#8407900 <https://phabricator.wikimedia.org/T321318#8407900>,
@WMDE-leszek wrote:
> Good point @sbassett. For that reasons it was actually worked upon in the
open on Gerrit
Ok. Is there a change set we could reference here? Searching
sbassett moved this task from Watching to Our Part Is Done on the Security-Team
board.
sbassett added a comment.
In T308659#8037779 <https://phabricator.wikimedia.org/T308659#8037779>,
@Lucas_Werkmeister_WMDE wrote:
> I think we’re done here (but please reopen if the task sho
sbassett added a comment.
In T308659#8036319 <https://phabricator.wikimedia.org/T308659#8036319>,
@MoritzMuehlenhoff wrote:
> This appeared in the CVE feed as
https://www.cve.org/CVERecord?id=CVE-2022-34750
Yes, I requested that ID a couple of days ago and forgot to update
sbassett triaged this task as "Low" priority.
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low
sbassett triaged this task as "Low" priority.
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
TASK DETAIL
https://phabricator.wikimedia.org/T302215
EMAIL PREFERENCES
https://
sbassett removed a project: Security-Team.
TASK DETAIL
https://phabricator.wikimedia.org/T294151
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: Dsharpe, Lucas_Werkmeister_WMDE, Silvan_WMDE, Tarrow, sbassett, Aklapper,
Jdforrester-WMF
sbassett added a project: SecTeam-Processed.
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low.
TASK DE
sbassett edited projects, added SecTeam-Processed; removed Security-Team.
sbassett added a comment.
@ItamarWMDE - re: security reviews, please see the current SOP at
https://www.mediawiki.org/wiki/Security/SOP/Application_Security_Reviews.
From what I'm seeing in the change set
sbassett added a comment.
In T292110#7614949 <https://phabricator.wikimedia.org/T292110#7614949>,
@Michaelcochez wrote:
> @Reedy could you have a look at the current security policy
https://github.com/martaannaj/RecommenderServer/security/policy and if this is
fine cl
sbassett closed this task as "Resolved".
sbassett added a comment.
We're going to resolve this for now as {icon check-circle color=green} **low
risk** since none of the new security tooling added to the Github repo has
returned any medium+ risk actionable issues. One caveat would
sbassett added a parent task: Restricted Task.
TASK DETAIL
https://phabricator.wikimedia.org/T294693
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Urbanecm, sbassett
Cc: Zabe, gerritbot, Reedy, Mohammed_Sadat_WMDE, Rosalie_WMDE, Lea_WMDE, dang
sbassett added a parent task: Restricted Task.
TASK DETAIL
https://phabricator.wikimedia.org/T296578
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: Zabe, Rosalie_WMDE, Addshore, toan, sbassett, karapayneWMDE, Manuel,
Lydia_Pintscher
sbassett added a parent task: Restricted Task.
TASK DETAIL
https://phabricator.wikimedia.org/T297570
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucas_Werkmeister_WMDE, sbassett
Cc: Zabe, Bugreporter, hashar, Jakob_WMDE, noarave, toan
sbassett closed this task as "Resolved".
TASK DETAIL
https://phabricator.wikimedia.org/T297570
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucas_Werkmeister_WMDE, sbassett
Cc: Zabe, Bugreporter, hashar, Jakob_WMDE, noarave, toan, Ro
sbassett closed this task as "Resolved".
TASK DETAIL
https://phabricator.wikimedia.org/T294693
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Urbanecm, sbassett
Cc: Zabe, gerritbot, Reedy, Mohammed_Sadat_WMDE, Rosalie_WMDE, Lea_
sbassett added a comment.
In T292110#7574265 <https://phabricator.wikimedia.org/T292110#7574265>,
@Michaelcochez wrote:
> @sbassett Is that something which should be checked now, during the
security readiness review, or only later upon deployment?
>
> I have added
sbassett added a comment.
In T292110#7573952 <https://phabricator.wikimedia.org/T292110#7573952>,
@Michaelcochez wrote:
> 1. should we solve this by also having this internal service use https ?
> 2. and if so, where would i get a certificate/key for that?
I
sbassett added a comment.
In T292110#7571382 <https://phabricator.wikimedia.org/T292110#7571382>,
@Michaelcochez wrote:
> I have now added gokart. The github action was not working out of the box,
because of some missing configuration parameters in the example. I opened a
pul
sbassett added a comment.
@Michaelcochez - Thanks for getting gosec set up within the project's Github
CI. just reviewing some recent runs
<https://github.com/martaannaj/RecommenderServer/actions/workflows/gosec.yml>,
it doesn't seem like it's found much, which is good, and we'd
sbassett changed the task status from "In Progress" to "Stalled".
sbassett added a comment.
Stalling until more security/linting automation has been officially set up in
CI. We'll then plan to use the results of some of that tooling, in addition to
some manua
sbassett added a comment.
Hey @WMDE-leszek - we're going to have @reedy give this a first look for a
security review. Hopefully they can have a report deliverable for you later
this quarter or early next. At that point we can reassess any additional needs.
TASK DETAIL
https
sbassett raised the priority of this task from "Low" to "Medium".
TASK DETAIL
https://phabricator.wikimedia.org/T292110
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Reedy, sbassett
Cc: sbassett, Michaelcochez, Martaannaj, Lydia
sbassett changed the task status from "Stalled" to "In Progress".
TASK DETAIL
https://phabricator.wikimedia.org/T292110
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Reedy, sbassett
Cc: sbassett, Michaelcochez, Martaannaj, Lydia
sbassett assigned this task to Reedy.
sbassett moved this task from Q1: 2021 Planning Queue to In Progress on the
secscrum board.
TASK DETAIL
https://phabricator.wikimedia.org/T292110
WORKBOARD
https://phabricator.wikimedia.org/project/board/4630/
EMAIL PREFERENCES
https
sbassett added a comment.
Hey @WMDE-leszek - We're still working through some possibilities for
engaging a vendor for this work. Hopefully I can have an answer in another
week or so for you and your team. If the vendor path falls through, we'd
likely need to schedule this review for early
sbassett added a comment.
In T292110#7412589 <https://phabricator.wikimedia.org/T292110#7412589>,
@Addshore wrote:
> Quick follow up incase the intent of this ticket was misunderstood.
> This is a security review request for deploying the service to Wikimedia
Production,
sbassett added a comment.
In T292110#7405421 <https://phabricator.wikimedia.org/T292110#7405421>,
@WMDE-leszek wrote:
> @sbassett Opening this request was meant as an indication of WMDE
understanding the "fast track" deployment is not an option. Apologies for not
sbassett changed the task status from "Open" to "Stalled".
sbassett triaged this task as "Low" priority.
sbassett added a comment.
Stalling this review for now pending further discussion at T285098
<https://phabricator.wikimedia.org/T285098>. We may st
sbassett added a comment.
Hey all-
We've received the security review request (T292110
<https://phabricator.wikimedia.org/T292110>) for this and will plan to include
it within our review planning session this week (whether it's accepted for the
quarter as-is or not is a separate
sbassett added a comment.
@Ladsgroup et al - LGTM for now, +1.
TASK DETAIL
https://phabricator.wikimedia.org/T285761
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: toan, sbassett
Cc: RhinosF1, Manuel, valerio.bozzolan, Lucas_Werkmeister_WMDE
sbassett closed this task as "Resolved".
sbassett moved this task from Waiting to Our Part Is Done on the secscrum board.
TASK DETAIL
https://phabricator.wikimedia.org/T264822
WORKBOARD
https://phabricator.wikimedia.org/project/board/4630/
EMAIL PREFERENC
sbassett closed subtask T264822: (MS 7) Security Readiness Review For Wikidata
Query Builder as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T266703
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Ladsgroup, sbassett
Cc: Manuel, Ladsgroup
sbassett closed subtask T264822: (MS 7) Security Readiness Review For Wikidata
Query Builder as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T276210
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Botoxparty, sbassett
Cc
sbassett closed subtask T264822: (MS 7) Security Readiness Review For Wikidata
Query Builder as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T280229
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Botoxparty, sbassett
Cc: Aklapper
sbassett closed subtask T264822: (MS 7) Security Readiness Review For Wikidata
Query Builder as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T280230
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Botoxparty, sbassett
Cc
sbassett added a comment.
In T264822#7270301 <https://phabricator.wikimedia.org/T264822#7270301>,
@Michael wrote:
> Just to record it, as checked just now, with the current HEAD of the master
branch, `npm audit` finds **0** vulnerabilities.
I arrived at the same resul
sbassett added a comment.
In T264822#7269255 <https://phabricator.wikimedia.org/T264822#7269255>,
@Ladsgroup wrote:
> This is done. And given that we now migrated to vite/rollup, does that
improve the security risk? If so, can this be reflated somewhere? :D
That is the
sbassett added a comment.
In T285761#7227281 <https://phabricator.wikimedia.org/T285761#7227281>,
@Michael wrote:
> Especially because the Query Builder will //work// without these headers,
so we might not even notice it until the security team gives us the evil eye.
TA
sbassett added a comment.
In T285761#7198527 <https://phabricator.wikimedia.org/T285761#7198527>,
@Michael wrote:
> We discussed that these headers are likely not to be added in the Query
Builder code itself, but in the Apache server configuration, which probably
does not li
sbassett added a comment.
In T264822#7183569 <https://phabricator.wikimedia.org/T264822#7183569>,
@Ladsgroup wrote:
> Created T285761: Add proper security headers to Query Builder
<https://phabricator.wikimedia.org/T285761> for headers.
Sounds good. The defau
sbassett added subscribers: Mstyles, Reedy.
sbassett added a comment.
!!**Security Review Summary - TT264822 - 2021-06-25**!!
**Last commit reviewed: 2d65299a44**
**Summary**
Overall, the current Query Builder code looks fairly secure with certain
issues outlined below. I would
sbassett added a project: SecTeam-Processed.
TASK DETAIL
https://phabricator.wikimedia.org/T284137
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dcausse, sbassett
Cc: dev.kadirselcuk, sbassett, Aklapper, mickeybarber, Xenophon, Seb35,
VIGNERON
sbassett removed a project: Security-Team.
TASK DETAIL
https://phabricator.wikimedia.org/T284137
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dcausse, sbassett
Cc: dev.kadirselcuk, sbassett, Aklapper, mickeybarber, Xenophon, Seb35,
VIGNERON
sbassett added a comment.
In T284137#7151424 <https://phabricator.wikimedia.org/T284137#7151424>,
@Seb35 wrote:
> Indeed, this task can become public. @Aklapper: could you remove the
protection of this task?
Done.
TASK DETAIL
https://phabricator.wikimedia.org/T2841
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
TASK DETAIL
https://phabricator.wikimedia.org/T284137
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dcausse, sbassett
Cc: Aklapper, mickeybar
sbassett claimed this task.
sbassett added a project: user-sbassett.
TASK DETAIL
https://phabricator.wikimedia.org/T264822
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: Addshore, sbassett, Michael, Ladsgroup, Lydia_Pintscher
sbassett added a comment.
@Lydia_Pintscher - We've tentatively scheduled this review for our 4th
quarter, which began April 1st and will continue until June 30th, 2021. We
should have this review completed by the end of this quarter at the latest.
Please feel free to let us know if you
sbassett merged a task: Restricted Task.
sbassett added subscribers: Urbanecm, sbassett, WMDE-leszek, Addshore,
Lydia_Pintscher.
TASK DETAIL
https://phabricator.wikimedia.org/T257002
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc
sbassett added a comment.
In T272130#6802796 <https://phabricator.wikimedia.org/T272130#6802796>,
@Addshore wrote:
> So, this will be deployed via a build in jenkins (ideally), so that it uses
the same process and the query gui.
> This is just about to be created by
sbassett added a comment.
Note: I committed the deletion of the two wmf.28 Wikibase patches under
`/srv/patches` on the deployment server (`5578144525`) since wmf.28 was rolled
back and as noted by gerritbot above, https://gerrit.wikimedia.org/r/658323 and
https://gerrit.wikimedia.org/r
sbassett added a project: SecTeam-Processed.
TASK DETAIL
https://phabricator.wikimedia.org/T272130
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: sbassett, Michael, Ladsgroup, Jakob_WMDE, DannyS712, Aklapper,
Lydia_Pintscher, Devnull
sbassett added a comment.
@Ladsgroup @Michael
TASK DETAIL
https://phabricator.wikimedia.org/T272130
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: sbassett, Michael, Ladsgroup, Jakob_WMDE, DannyS712, Aklapper,
Lydia_Pintscher
sbassett added a comment.
> Hello security team, it would be great if we can have a comment on this
ticket on whether it's okay to have it on github or not. We are planning to
deploy this to production as a static site.
@Ladsgroup @Michael - we'll chat about this as a team at our cli
sbassett moved this task from Watching to Our Part Is Done on the Security-Team
board.
sbassett lowered the priority of this task from "High" to "Low".
TASK DETAIL
https://phabricator.wikimedia.org/T260349
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
TASK DETAIL
https://phabricator.wikimedia.org/T272534
EMAIL PREFERENCES
https://
sbassett closed this task as "Resolved".
sbassett moved this task from Waiting to Our Part Is Done on the secscrum board.
sbassett added a comment.
@darthmon_wmde - I assume there are no further questions about my above
explanation? I'll plan to resolve this task for now. We can
sbassett added a comment.
In T249039#6362819 <https://phabricator.wikimedia.org/T249039#6362819>,
@darthmon_wmde wrote:
> heads up: I am accepting the risk and we programmed the deploy to
production.
Great, thanks.
> We have already fixed
<https://gerrit.wi
sbassett added a comment.
Ping @darthmon_wmde et al - just wanted to check on where we're at here with
mediations and/or risk acceptance per my previous comment. Thanks!
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings
sbassett added a comment.
In T258323#6334121 <https://phabricator.wikimedia.org/T258323#6334121>,
@RhinosF1 wrote:
> There was a restricted task merged into this. Should it be made public as
well? (https://phabricator.wikimedia.org/T258323#6317139)
Done.
TASK DETAI
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
TASK DETAIL
https://phabricator.wikimedia.org/T238052
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: 4nn1l2, Urb
sbassett removed a project: Patch-For-Review.
sbassett moved this task from Watching to Our Part Is Done on the Security-Team
board.
TASK DETAIL
https://phabricator.wikimedia.org/T258323
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https
sbassett changed the visibility from "Custom Policy" to "Public (No Login
Required)".
TASK DETAIL
https://phabricator.wikimedia.org/T258323
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: sbassett, greg, Lucas_Werkm
sbassett added a comment.
In T249039#6322813 <https://phabricator.wikimedia.org/T249039#6322813>,
@Lucas_Werkmeister_WMDE wrote:
> I looked at these earlier and thought they all looked like false positives
Great, thanks for confirming and for your detailed analysis, wit
sbassett added a comment.
In T249039#6313032 <https://phabricator.wikimedia.org/T249039#6313032>,
@darthmon_wmde wrote:
>> (...) our current risk management policy (on officewiki
<https://office.wikimedia.org/wiki/Security/Policy/Risk_Management>, which
sadly I don't
sbassett added a comment.
In T249039#6307879 <https://phabricator.wikimedia.org/T249039#6307879>,
@darthmon_wmde wrote:
> sorry if this is a stupid question but could you please say clearly whether
we need to lower the risk on any of the points? I am not sure whether what yo
sbassett added a comment.
!!**Security Review Summary - T249039
<https://phabricator.wikimedia.org/T249039> - 2020-07-06**!!
**Last commit reviewed:**
1. Wikibase: `cbfd8bbca3bf816ace5bafdfbd112ddaa44274da`
For this review, I focused mainly upon the TypeScript app
sbassett added a comment.
**Update:** Apologies, but this is going to have to wait until Monday
2020-07-06.
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: WMDE-leszek, sbassett
sbassett added a comment.
Update: I still hope to have this security review completed by EOBD tomorrow
(10:00 PM UTC for me) but note that the review may have to be posted on Monday
2020-07-06 due to some delays. Apologies and thanks for your patience.
TASK DETAIL
https
sbassett added a comment.
So
https://gerrit.wikimedia.org/g/mediawiki/extensions/Wikibase/+/master/client/resources/Resources.php
no longer appears to exist, as it is ref'd in the task description. Does that
live somewhere else or is it just gone now?
TASK DETAIL
https
sbassett added a comment.
@Lydia_Pintscher @darthmon_wmde - I hope to have the aforementioned
due-diligence security review completed by the end of next week (Friday, July
3rd).
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org
sbassett added a comment.
Hmm, well now I'm getting an phpunit error with
`quibble-composer-mysql-php72-noselenium-docker`:
PHP Fatal error: Cannot use 'object' as class name as it is reserved in
/workspace/src/vendor/phpunit/phpunit-mock-objects/src/Generator.php(264) :
eval()'d
sbassett removed a project: Patch-For-Review.
TASK DETAIL
https://phabricator.wikimedia.org/T230451
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: Jdforrester-WMF, Aklapper, sbassett, darthmon_wmde, Michael, Nandana, Lahi,
Gq86
sbassett added a comment.
In T230451#6257384 <https://phabricator.wikimedia.org/T230451#6257384>,
@Jdforrester-WMF wrote:
> Not sure if these release branches of Wikibase are supported. That'd be
something for the Wikidata team to determine.
I suppose REL1_32 an
sbassett added a comment.
In T249039#6224698 <https://phabricator.wikimedia.org/T249039#6224698>,
@Lydia_Pintscher wrote:
> If at all possible it'd be <3 to be ready for deployment at the beginning
of July.
We can at least have a minimal, due-diligence revi
sbassett raised the priority of this task from "Low" to "Medium".
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: WMDE-leszek, sbassett, Addshore, Michael, Lu
sbassett changed the task status from "Stalled" to "Open".
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: WMDE-leszek, sbassett, Addshore, Michael, Lu
sbassett added a comment.
@darthmon_wmde - I can look at this next. Did you have an updated target
date for deployment?
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: WMDE
sbassett updated the task description.
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: WMDE-leszek, sbassett, Addshore, Michael, Lucas_Werkmeister_WMDE,
Tonina_Zhelyazkova_WMDE
sbassett changed the task status from "Open" to "Stalled".
TASK DETAIL
https://phabricator.wikimedia.org/T249039
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: sbassett
Cc: WMDE-leszek, sbassett, Addshore, Michael, Lu
sbassett added a comment.
Hey @darthmon_wmde-
In T249039#6125290 <https://phabricator.wikimedia.org/T249039#6125290>,
@darthmon_wmde wrote:
> We have not frozen the code yet, are finishing the last 2.5 stories. Excuse
my ignorance but, do we need to be 100% finish
1 - 100 of 128 matches
Mail list logo