I'm mostly requesting an informal review for this since it's an already-existing project, but given the recent issues with Gerrit account security, more eyeballs are better.
The significant change is that I'd like to have an active SSH agent running on a Cloud VPS instance with access to a +2-privledged Gerrit account.
- Name of project: LibUp 2.0
- Project home page: https://www.mediawiki.org/wiki/Libraryupgrader
- Name of team which owns the project: n/a
- Primary contact for the project: @Legoktm
- Target date for deployment: End of July
- Link to code repository: https://gerrit.wikimedia.org/g/labs/libraryupgrader
- Is this a brand-new project: No
- Has this project ever been reviewed before: (Phab tasks, etc.): ish. T174760 is the closest. @thcipriani walked through some of the security implications with me on IRC.
- Has any risk assessment (STRIDE, etc.) been performed: No
- Is there an existing RFC or has this been presented to the community: Kind of. This is just an evolution of the current libraryupgrader.
- Is this project tied to a team quarterly goal: "Reduce dependence upon Legoktm because he's getting busier" but it's not a real goal :-)
Description of the project and how it will be used
Description of any sensitive data to be collected or exposed
Mostly it'll have access to a +2-enabled Gerrit account.
Python (flask/celery), docker, rabbitmq, systemd, Cloud VPS.
Dependencies and vendor code
Working test environment
The libraryupgrader VPS project is mostly set up - I just haven't finished writing all the code. I can give people access as requested.