⚓ T109384 Security review of apache/avro and nmred/kafka-php

Status	Assigned	Task
Declined	None	T112846 Display automata and humans separately on zero results rate graph
Resolved	EBernhardson	T103505 Create analytics-centric Cirrus logs and have them import into HDFS
Resolved	None	T106257 Send raw server side events to Kafka using a PHP Kafka Client {oryx}
Resolved	EBernhardson	T106256 Kafka Client for MediaWiki
Resolved	mpopov	T110590 Add breakdown of zero results rate by language/project pair to dashboard
Resolved	• csteipp	T109384 Security review of apache/avro and nmred/kafka-php
Resolved	bd808	T111851 Package the Avro PHP library for easier Composer usage

• csteipp created this task.Aug 17 2015, 10:07 PM

• csteipp claimed this task.

• csteipp raised the priority of this task from to Needs Triage.

• csteipp updated the task description. (Show Details)

• csteipp added a project: deprecated-security-team-reviews.

• csteipp added subscribers: • csteipp, bd808, EBernhardson.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 17 2015, 10:07 PM

@EBernhardson, what dependencies / timelines do you have for this library?

This is a dependency for being able to easily analyze the logs generated by search, currently they are ~30GB per day. This will allow us to put them into hadoop which is better equipped to handle the volume of data.

There is no hard timeline on this. It's not blocking anything in particular, it will just allow us more visibility into the data we already collect and allow the two search analysts to do more in less time.

EBernhardson added a parent task: T103505: Create analytics-centric Cirrus logs and have them import into HDFS.Aug 18 2015, 12:02 AM

Legoktm updated the task description. (Show Details)Aug 18 2015, 12:04 AM

Legoktm added a project: MediaWiki-Vendor.

Legoktm set Security to None.

Could you give an estimate on where this fits into the security team's timeline so we can plan appropriately?

Probably the week of week of Aug 31st, realistically.

Legoktm merged a task: T109337: Security review for nmred/kafka-php and apache/avro libraries to enable producing kafka messages from mediawiki..Aug 19 2015, 8:40 AM

EBernhardson added a parent task: T106256: Kafka Client for MediaWiki.Aug 21 2015, 5:04 PM

• csteipp moved this task from Incoming to Scheduled on the deprecated-security-team-reviews board.Aug 24 2015, 6:55 PM

• csteipp added a project: Security-Team.Aug 29 2015, 12:59 AM

• csteipp moved this task from Incoming to Ready on the Security-Team board.

• csteipp moved this task from Ready to In Progress on the Security-Team board.Sep 3 2015, 8:34 PM

• csteipp moved this task from In Progress to Our Part Is Done on the Security-Team board.Sep 4 2015, 7:58 PM

@csteipp: My understanding is that there was some follow-up work related to this. Can you mention those tasks here so I can follow them?

• Deskana added a parent task: T110590: Add breakdown of zero results rate by language/project pair to dashboard.Sep 8 2015, 8:15 PM

• Deskana mentioned this in T110590: Add breakdown of zero results rate by language/project pair to dashboard.

@ksmith, I -1'ed https://gerrit.wikimedia.org/r/#/c/232075/ for bundling potentially dangerous example code with the library. How the team wants to handle that is up to them-- they should add blockers here as needed.

bd808 added a subtask: T111851: Package the Avro PHP library for easier Composer usage.Sep 8 2015, 9:19 PM

bd808 closed subtask T111851: Package the Avro PHP library for easier Composer usage as Resolved.Sep 8 2015, 11:35 PM

• csteipp closed this task as Resolved.Sep 9 2015, 5:14 PM

sbassett moved this task from Scheduled to Done on the deprecated-security-team-reviews board.Jul 9 2019, 8:26 PM

• chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:17 PM