The purpose of this Epic is to consolidate all Security Credentialing Tasks together in order to bring visibility to ensure there are not duplicate efforts and to allow structure to the traction of the tasks.
Description
Related Objects
- Mentioned Here
- T189641: Service for checking the Pwned Passwords database
Event Timeline
So there's a tag where a lot of password/credential-related tasks are tracked: https://phabricator.wikimedia.org/project/board/148/. But similar to Security, it's fairly noisy. Some recent password/credential-related tasks have been public (e.g. the proposed haveibeenpwned service T189641), though many others are security-protected for obvious reasons. If we'd like to track those here, we may want to consider making this a security-protected task as well, at least for the time being. There's also a fairly enormous body of password/credential-related tasks in various states of decay from the past decade or so. Some of these do seem to have recent, relevant discussions on them, but many are probably too stale for what we would want to track here.
If you make an existing security task be a child task of a public task, it will only show up when people have rights to view, so it all works out fine.
Right, I just meant more for sanity's sake and in case discussion from any of those tickets accidentally wandered over here :)