Discovery has a Q1 goal to have Wikidata Query Service running on production hardware in a test mode. The code needs a security review before that can happen.
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | • Deskana | T105196 Security review for Wikidata Query Service code before deploying to production hardware | |||
| Resolved | • csteipp | T90115 BlazeGraph Security Review | |||
| Resolved | None | T108101 Isolate wikidata.org cookies and CORS policies | |||
| Resolved | Bene | T112087 [Bug] m.wikidata.org is not CORS whitelisted | |||
| Resolved | • csteipp | T100413 "You are centrally logged in." toast on every page view on commons | |||
| Open | None | T109538 Vagrant wikis should have mobile site setup when MobileFrontend role is enabled | |||
| Resolved | • Gilles | T54302 Varnish vagrant role |
Event Timeline
Comment Actions
Yes, I'll be doing the review.
Who on S&D is primarily working on this piece?
Can I get a link to the existing design docs and code so I can do an initial scoping? After that, I'd like to meet with the people working on this to make sure we have a dataflow diagram and threat model filled in for both this and blazegraph.
Comment Actions
Who on S&D is primarily working on this piece?
That would be me. The code is here: https://github.com/wikimedia/wikidata-query-rdf/
The docs are here: https://www.mediawiki.org/wiki/Wikibase/Indexing and https://www.mediawiki.org/wiki/Wikidata_query_service but there's a lot of info that is not relevant anymore there so if you need some specific info I'd be glad to provide more specific pointers.