sbassett added a comment.
@darthmon_wmde - we don't currently have this review assigned/scheduled, though I could probably have a look at it next week. Before we do that, I think we'd need: 1. Confirmed commit shas for the various code bases and files defined within sections one and two within the task description. Basically points to freeze the code so we're not reviewing a moving target. If the code is still volatile, we'd probably want to wait until it becomes a bit more stable before selecting the commit shas. 2. Confirmation as to what the three unlinked config changes above imply: //Upcoming: Set dataBridgeEnabled repo setting on Wikidata//, //Upcoming: Set dataBridgeEnabled client setting on certain client wikis// and //Upcoming: Set dataBridgeEnabled client setting on all Wikibase clients//. If these are merely config variables within Wikibase.php or IS.php, then we likely wouldn't care about them for this review, unless they have security implications, like perhaps `wmgWikibaseClientDataBridgeHrefRegExp`. 3. For the working test environment, it would be nice to have instructions on how to get a local development environment of this system/config up and running via the Wikibase docker <https://github.com/wmde/wikibase-docker> or similar. Beta/test wiki setups can be helpful but local development environments that mimic what is intended to eventually exist within production are the most helpful for security reviews as we can then often perform more in-depth pen-tests and analyses. TASK DETAIL https://phabricator.wikimedia.org/T249039 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: sbassett Cc: sbassett, Addshore, Michael, Lucas_Werkmeister_WMDE, Tonina_Zhelyazkova_WMDE, Pablo-WMDE, Lydia_Pintscher, Aklapper, darthmon_wmde, Sarai-WMDE, Dsharpe, DannyS712, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, _jensen, rosalieper, Scott_WUaS, Wikidata-bugs, aude, Bawolff, Mbch331, Legoktm
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
