Create project of [tag] type to indicate Security tasks that cannot be made public
Closed, Resolved, Public

Description

Ideally, the vast majority of Security tasks would be made public after issues are resolved to be as transparent as possible. This hope has been met with varying levels of success in the past as reviewing issues for PI/PII/problematic logs/related and remaining issues is time-consuming.

One strategy discussed is to create a tag that we can use to mark tasks as "This is explicitly not eligible for being made public due to the presence of restricted information on the task" to start making headway on historic tasks and to be more careful with existing open tasks. At the moment it's difficult to know if someone has already determined a task is an issue for making public or not, and there is no way to mark a task as not-eligible when you know sensitive information is being added in real time.

Thus we are going to try out a tag for this purpose named #PermanentlyPrivate.

Event Timeline

chasemp triaged this task as Medium priority. Jan 9 2019, 5:02 PM
chasemp created this task.

Name can be bikeshedded if needed :) Initial agreement in an in-person meeting was to roll with https://phabricator.wikimedia.org/project/manage/3825/ and see if it's effective/useful.