Hi all! This is a quick reminder that TechCom is hosting a meeting on IRC about the following RFC:
"PHP microservice for containerized shell execution"
<https://phabricator.wikimedia.org/T260330>

You can join us at 21:00 UTC (23:00 CEST, 2pm PDT) in the #wikimedia-office channel on freenode.

Problem
- For security, we need better isolation of external binaries from MediaWiki.
- If we run MediaWiki itself under Kubernetes, the resulting container should be as small as possible, so it should ideally exclude unnecessary binaries.
- It's difficult to deploy bleeding-edge versions of external binaries when they necessarily share an OS with MediaWiki.

Proposal
- Have a PHP microservice, accessible via HTTP, which takes POSTed inputs, writes them to the container's filesystem as temporary files, runs a shell command, and responds with gathered output files.

Tim has been working on this for a couple of weeks, and has been updating the task in a steady monologue. Perhaps in the meeting today, we can get more eyes on the nitty gritty of the proposal.

--
Daniel Kinzler
Principal Software Engineer, Core Platform
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
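
The request flow in the proposal (POSTed inputs written to temporary files, a command run, output files gathered), sketched as an added example; it is not code from the RFC or from Tim's implementation. The names `runIsolated`, `safeRelativeName` and `removeTree` are hypothetical, and passing the command as an argv array rather than a shell string is an assumption of this sketch.

```php
<?php
// Added illustration, not code from the RFC; all function names are hypothetical.
/** Accept only relative names built from plain segments (no "..", no leading "/"). */
function safeRelativeName(string $name): bool {
    foreach (explode('/', $name) as $part) {
        // The D modifier stops "$" from matching before a trailing newline.
        if ($part === '.' || $part === '..' || !preg_match('/^[A-Za-z0-9._-]+$/D', $part)) {
            return false;
        }
    }
    return true;
}

function removeTree(string $path): void {
    if (!is_dir($path) || is_link($path)) { unlink($path); return; }
    foreach (array_diff(scandir($path), ['.', '..']) as $entry) { removeTree("$path/$entry"); }
    rmdir($path);
}

/** $argv: absolute program path plus arguments; $inputs: name => contents; $outputs: names to return. */
function runIsolated(array $argv, array $inputs, array $outputs): array {
    foreach (array_merge(array_keys($inputs), $outputs) as $name) {
        if (!safeRelativeName((string)$name)) { throw new InvalidArgumentException('unsafe file name'); }
    }
    $root = sys_get_temp_dir() . '/run-' . bin2hex(random_bytes(8));
    mkdir("$root/work", 0700, true);
    try {
        foreach ($inputs as $name => $data) {
            @mkdir(dirname("$root/work/$name"), 0700, true);
            file_put_contents("$root/work/$name", $data);
        }
        // stdout/stderr go to files outside work/, so no pipe can fill up and block.
        $spec = [0 => ['file', '/dev/null', 'r'],
                 1 => ['file', "$root/stdout", 'w'], 2 => ['file', "$root/stderr", 'w']];
        // Array form (PHP 7.4+): the program is executed directly, without a shell.
        $proc = proc_open($argv, $spec, $pipes, "$root/work", ['PATH' => '/usr/bin:/bin']);
        if (!is_resource($proc)) { throw new RuntimeException('could not start command'); }
        $result = ['exitCode' => proc_close($proc), 'files' => []];
        foreach (['stdout', 'stderr'] as $s) { $result[$s] = file_get_contents("$root/$s"); }
        $work = realpath("$root/work");
        foreach ($outputs as $name) {
            // Resolve symlinks the command may have created; return only files still under work/.
            $real = realpath("$work/$name");
            if ($real !== false && strpos($real, "$work/") === 0 && is_file($real)) {
                $result['files'][$name] = file_get_contents($real);
            }
        }
        return $result;
    } finally {
        removeTree($root);
    }
}
```

The name check and the `realpath` check cover the two places where a request or the command itself could steer file access outside the temporary directory.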