Changing /wiki/Security and wiki/MediaWiki security reference content
Closed, Resolved. Public

Description

The Security team has been revising our various landing pages and content across (what I'm going to call) administrative properties of wikitech, office, meta, mediawiki, even foundation wiki (soon).

I have written a page that outlines the format and strategy around our process at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Documentation

Three things that are probably fairly modest tasks

I have been working with @CKoerner_WMF and @Quiddity to this point, but I wanted to get this officially on the books as I'm not sure how much time this is :) If we could do 1 and 2 soon, and wait on 3 that would be swell.

Later we may move the Password Policy from meta to foundation.wikimedia.org as canonical with the version on meta being marked as 'for translation only' in the same manner as the Privacy Policy. (This item is currently on hold while Security Team coordinates with other teams)

Event Timeline

chasemp triaged this task as Medium priority. Mar 1 2019, 6:51 PM
chasemp created this task.

poke @CKoerner_WMF would you have time to talk about #1 and #2 this week?

Yep, find a time and I'll be there.

Outcome from a meeting

1: @Quiddity is going to knock this out

2: I'll get in touch with @Aklapper as he's working on some homepage stuff it seems :)

3: Not ready yet from my side

@chasemp: Right, that's T653. Currently we are in the layout phase. The audiences and content phases are done. (Though I'm not against smaller tweaks.)
See mw:MediaWiki/Homepage_improvements_2018 for the process and mw:MediaWiki/Homepage_improvements_2018/Proposal for what's being discussed. The current proposal includes an item called "Report wrong software behavior or a feature proposal" which links to mw:How_to_report_a_bug.

Ok, thanks for that context.

At the moment I took the scattered places where security bug reporting in particular was described and tried to link them all to https://www.mediawiki.org/wiki/Reporting_security_bugs which already existed. I attempted to clean up that page as well. A lot of (most of) the good reporting practices on How_to_report_a_bug do apply though. Maybe we should merge the two pages with a direct link to a security bug context specific section on How_to_report_a_bug. If How_to_report_a_bug is going to be a first class citizen on the main page that would help solve discoverability and duplication of work issues I expect.

My thinking before reading your reply here had been something like

About this site | About MediaWiki | Download | Help and support | Contribute

is now

About this site | About MediaWiki | Download | Help and support | Contribute | Security

But if...

"Report wrong software behavior or a feature proposal" makes it onto the landing page and there is a link to https://www.mediawiki.org/wiki/Reporting_security_bugs or that is folded into https://www.mediawiki.org/wiki/How_to_report_a_bug entirely then that makes sense to me.

The new https://www.mediawiki.org front page is now live.

@Quiddity @CKoerner_WMF do any of you own this?

Nope, Chase owns this, we're advising and assisting occasionally.

Thanks @Aklapper, I see a link on https://www.mediawiki.org/wiki/How_to_report_a_bug at 'Click the star in the upper right corner and choose "Create Task" (or "Report Security issues" to report a security problem).' which has a lead-in from the main page. That's cool with me. Thanks for your patience on walking that out for me.

The last item here will take coordination with other internal WMF folks as what goes on foundation.wm.o is still complicated

I split the last item into two items

I talked with @JBennett about this today, he is going to reach out to @APalmer_WMF to discuss a bit.

@JBennett, @APalmer_WMF: Was there any outcome to share?

Security-Team does have the ability to put policy on foundation.wm.o but we are currently spinning up a broader management platform that is likely to end up as the canonical policy repository. For now I'm going to resolve this.