We are planning to move this to WMF infra and as @faidon pointed out, a security review would be needed. Since it's a static website, it'll be a piece of cake (I guess)
Description
Status | Subtype | Assigned | Task
---|---|---|---
Invalid | | None | T108946 [Epic] Improve the development infrastructure
Declined | | None | T99531 [Task] move wikiba.se webhosting to wikimedia cluster
Resolved | | Reedy | T171274 Security review of wikiba.se
Event Timeline
https://github.com/wikimedia/wikiba.se/blob/master/composer.json#L6 - Why are you including dflydev/embedded-composer yourself? https://packagist.org/packages/sculpin/sculpin adds the same version. I was trying to work out what it was used for; and the answer seems to be nothing directly
What's the deployment strategy going to be? Commit the generated files (from vendor/bin/sculpin generate --env=prod) into another repo (wikiba.se-deploy or similar?)... As we're presumably not going to be running composer and then sculpin on the misc servers and then serving those files?
Package operations: 79 installs, 0 updates, 0 removals
Yeah... That's definitely not being run in prod. lol
There's nothing really scary here other than the dependency tree of vendor/composer libs. But that's not a production issue.
The 3rd party loading of fonts was fixed recently, so that's good.
TBH, I don't think this really needed a security review; the resultant files are mostly static html, with a bit of (standard 3rd party) js
```
reedy@ubuntu64-web-esxi:~/wikiba.se/output_prod$ tree .
├── applications
│   └── index.html
├── components
│   ├── bootstrap
│   │   ├── bootstrap-built.css
│   │   ├── bootstrap-built.js
│   │   └── dist
│   │       ├── css
│   │       │   ├── bootstrap.css
│   │       │   ├── bootstrap.min.css
│   │       │   ├── bootstrap-theme.css
│   │       │   └── bootstrap-theme.min.css
│   │       ├── fonts
│   │       │   ├── glyphicons-halflings-regular.eot
│   │       │   ├── glyphicons-halflings-regular.svg
│   │       │   ├── glyphicons-halflings-regular.ttf
│   │       │   ├── glyphicons-halflings-regular.woff
│   │       │   └── glyphicons-halflings-regular.woff2
│   │       └── js
│   │           ├── bootstrap.js
│   │           └── bootstrap.min.js
│   ├── font-awesome
│   │   ├── css
│   │   │   ├── font-awesome.css
│   │   │   ├── font-awesome.css.map
│   │   │   └── font-awesome.min.css
│   │   ├── font-awesome-built.css
│   │   └── fonts
│   │       ├── FontAwesome.otf
│   │       ├── fontawesome-webfont.eot
│   │       ├── fontawesome-webfont.svg
│   │       ├── fontawesome-webfont.ttf
│   │       ├── fontawesome-webfont.woff
│   │       └── fontawesome-webfont.woff2
│   ├── index.html
│   ├── jquery
│   │   ├── jquery-built.js
│   │   ├── jquery.js
│   │   ├── jquery-migrate.js
│   │   ├── jquery-migrate.min.js
│   │   ├── jquery.min.js
│   │   └── jquery.min.map
│   ├── require-built.js
│   ├── require.config.js
│   ├── require.css
│   └── require.js
├── css
│   └── style.css
├── images
│   ├── droidwiki.png
│   ├── eagle-project.png
│   ├── favicon.ico
│   ├── logo.png
│   └── wikidata.png
├── index.html
├── ontology-1.0.owl
├── projects
│   └── index.html
└── resources
    └── index.html
```
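The review above rests on two claims about the generated output: it is static, and it no longer loads fonts (or anything else) from third-party hosts. The check below is an added example, not code from the wikiba.se repository or from this task; it lists every reference in an HTML or CSS document that points outside an allow-list of hosts, so the claim can be re-verified on each `output_prod` build. The allow-list and the two sample documents are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the generated site may load from. wikiba.se is the site's own domain;
# the allow-list itself is an assumption made for this example.
ALLOWED_HOSTS = {"wikiba.se", "www.wikiba.se"}
FETCH_ATTRS = {"src", "href", "data", "poster"}   # attributes that trigger a fetch
CSS_URL_RE = re.compile(r"""(?:url\(\s*|@import\s+)['"]?([^'")\s]+)""")

def is_external(ref, allowed_hosts=ALLOWED_HOSTS):
    """True when a reference resolves to a host outside the allow-list.
    Relative paths, fragments and data: URIs are local by construction."""
    ref = ref.strip()
    if not ref or ref.startswith(("#", "data:")):
        return False
    if ref.startswith("//"):                      # protocol-relative URL
        ref = "https:" + ref
    host = urlparse(ref).hostname
    return host is not None and host.lower() not in allowed_hosts

class _RefCollector(HTMLParser):
    """Collect fetchable references from tag attributes and inline <style> blocks."""
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False
    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if name in FETCH_ATTRS and value:
                self.refs.append(value)
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        if self._in_style:                        # url()/@import inside <style>
            self.refs.extend(CSS_URL_RE.findall(data))

def external_refs(text, kind):
    """Sorted external references found in one HTML ('html') or CSS ('css') document."""
    if kind == "css":
        refs = CSS_URL_RE.findall(text)
    else:
        parser = _RefCollector()
        parser.feed(text)
        refs = parser.refs
    return sorted({r for r in refs if is_external(r)})

# Constructed samples (not files from the wikiba.se output directory).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/components/bootstrap/dist/css/bootstrap.min.css">
<link href="https://fonts.example.net/css?family=Open+Sans" rel="stylesheet">
<script src="components/require.js"></script>
</head><body><img src="images/logo.png"></body></html>"""
SAMPLE_CSS = "@font-face{src:url(../fonts/FontAwesome.otf)} body{background:url(//cdn.example.org/bg.png)}"
```

Running `external_refs` over every `.html` and `.css` file under `output_prod` gives a per-file list of off-site fetches; an empty result across the tree confirms the "static, self-hosted assets only" property the review relies on.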