sbassett added a comment.

@Hjfocs -

> But you served as the first reviewer, what am I getting wrong?

From T196073#4825203, it looks like @MaxSem found the PrimarySources code as an unmerged gerrit patch set and offered some initial feedback (thanks!). However, this isn't typical of a standard security review as performed by the #security-team (see mw documentation). The #Security-team's expectations, in addition to receiving a request like this ticket, would be:

  1. The code to be reviewed would be nearly ready for production deployment. It seems like PrimarySources may be in some extended testing phases and/or pilot launches, so I'm not sure it meets this criterion at the moment. Please correct me if this is not the case.
  2. Per this documentation, we typically expect Gerrit to be the canonical location for any Wikimedia code to be security-reviewed. We can work with an unmerged patch set, but I think there was some initial confusion as the Gerrit repository only had the code of conduct file in it (and still does) and we typically don't try to hunt things down on Github.
  3. It will soon be a requirement for submitters of security reviews to provide some kind of working test environment (Dockerfile, etc) or instructions on configuring such an environment (i.e. extension installation, dependencies, oddities, etc.) with any security review request. I currently do not see anything like this mentioned within this ticket or within any READMEs or other documentation (especially for the java backend) which would complicate or greatly inhibit the success of this review.

Once these issues are addressed, we can re-open this ticket and get it scheduled for a formal review.


TASK DETAIL
https://phabricator.wikimedia.org/T204542


To: sbassett
Cc: Lucas_Werkmeister_WMDE, MaxSem, sbassett, Aklapper, Hjfocs, Nandana, Lahi, Gq86, GoranSMilovanovic, Kiailandi, QZanden, EBjune, dachary, LawExplorer, _jensen, dpatrick, Luke081515, freephile, Wikidata-bugs, aude, Ricordisamoa, JanZerebecki, Sjoerddebruin, Tpt, csteipp, Mbch331, Jay8g, Legoktm
_______________________________________________
Wikidata-bugs mailing list
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
