Create "security pre-announce" group in Phab (to easier allow 3rd parties who get pre-release notifications to access Security tasks)
Open, Stalled, NormalPublic

Description

Name can be bikeshedded upon. @csteipp and I were just thinking it would make it easier to let 3rd parties who get pre-release security notifications (Wikia, for example) to be managed by a group instead of ad-hoc additions to tasks.

demon created this task.Aug 7 2015, 6:26 PM
demon updated the task description. (Show Details)
demon raised the priority of this task from to Needs Triage.
demon added projects: Phabricator, Project-Admins.
demon added subscribers: demon, csteipp.
Restricted Application added subscribers: scfc, Aklapper. · View Herald TranscriptAug 7 2015, 6:26 PM
Krenair added a subscriber: Krenair.Aug 7 2015, 6:30 PM
greg awarded a token.Aug 7 2015, 6:38 PM
greg added a subscriber: greg.

How would the workflow in Phabricator look like if such a team project existed? (Assuming that "group" means "team")

Also, name and description highly welcome (also covering who is supposed to add that group): https://www.mediawiki.org/wiki/Phabricator/Creating_and_renaming_projects#Guidelines

I assume this would be a restricted-edit/restricted-join project with an NDA requirement, which 'we' (release engineers? security?) just CC (as a whole project) onto tasks when appropriate?

This would be an automating of the existing process. Instead of manually
adding each user who has requested access and fine through the NDA process,
we just cc the group so all get access.

Aklapper triaged this task as Normal priority.Sep 2 2015, 12:35 PM

Any updates here?

Assuming this actually needs both acl and group/team projects...

Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMay 7 2016, 12:46 AM
mmodell added a subscriber: mmodell.Jun 3 2016, 8:49 PM

There would need to be an #acl*security project who's members are authorized to add people to the #security-announce group.

Paladox moved this task from To Triage to Misc on the Phabricator board.Sep 6 2016, 11:29 AM

There would need to be an #acl*security project who's members are authorized to add people to the #security-announce group.

Security is an ACL project (though it's inconsistently named and not a subproject) which can be edited by Security folks (currently that's @dpatrick, @Bawolff) and Phab admins.
Any comments?

Are we still giving pre-release notice to third parties? I don't think we remembered to do that last release.

demon added a comment.Feb 22 2017, 9:16 PM

Are we still giving pre-release notice to third parties? I don't think we remembered to do that last release.

I don't think we've ever been consistent about it.

Aklapper changed the task status from Open to Stalled.

Setting to "stalled" status as I cannot act in terms of Phabricator and Project-Admins as long as noone has laid out some process and decided what exactly is wanted here (and which problem to solve which requires access to Phab tasks, somehow). Feel free to reset.

Aklapper renamed this task from Create "security pre-announce" group to Create "security pre-announce" group in Phab (to easier allow 3rd parties who get pre-release notifications to access Security tasks).Jun 29 2018, 11:34 AM
Aklapper added a project: MediaWiki-Releasing.