sbassett added a comment.
In T237667#5728294 <https://phabricator.wikimedia.org/T237667#5728294>, @Ladsgroup wrote: > Sorry, When I made the patch to gerrit it made sense to open the ticket so the bots can add the patch to this ticket, when the patch is in gerrit, this can be opened. right? This is fine. #security-team <https://phabricator.wikimedia.org/tag/security-team/>'s general rule of thumb here is that once a security issue has been patched (and is stable) on all relevant production systems, it's fine to make any security-protected tasks public. The two caveats for this are: 1. It's a patch for MW core or a bundled extension <https://www.mediawiki.org/wiki/Bundled_extensions_and_skins> and needs to be kept protected for the (typically) quarterly MW security releases. 2. There's PII or other sensitive data on the task itself and it needs to remain #permanentlyprivate <https://phabricator.wikimedia.org/tag/permanentlyprivate/>. Neither appears to be the case here. CVE requests, backports, announcements, etc. can all happen after the task is public, though our recommendation is that those all happen sooner than later. If there are going to be long, anticipated delays for any of these or there are extenuating circumstances (example: T239922#5720376), then the task can become public later. TASK DETAIL https://phabricator.wikimedia.org/T237667 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: Addshore, sbassett Cc: brennen, thcipriani, Urbanecm, Michael, alaa_wmde, Lea_Lacroix_WMDE, Lucas_Werkmeister_WMDE, chasemp, Reedy, sbassett, Anomie, WMDE-leszek, darthmon_wmde, Lydia_Pintscher, Ladsgroup, Rosalie_WMDE, Jakob_WMDE, jcrespo, Addshore, Krinkle, Aklapper, mmodell, Hook696, Daryl-TTMG, RomaAmorRoma, 0010318400, E.S.A-Sheild, Iflorez, JFishback_WMF, Dsharpe, Meekrab2012, joker88john, DannyS712, CucyNoiD, Nandana, NebulousIris, Gaboe420, Versusxo, Majesticalreaper22, Amorymeltzer, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Af420, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, HJiang-WMF, LawExplorer, WSH1906, Lewizho99, Maathavan, _jensen, rosalieper, Scott_WUaS, Jonas, dpatrick, Luke081515, Wikidata-bugs, aude, GWicke, Bawolff, Dinoguy1000, Stype_and_Co.-WMF, DerHexer, Jalexander, Parent5446, Grunny, Jdforrester-WMF, csteipp, Mbch331, Rxy, Jay8g, Krenair, Legoktm
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs