The patches resulting from T229501 and its subtasks could benefit from a security review before merge.
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | CCicalese_WMF | T229500 Add OAuth 2.0 support to MediaWiki | |||
Resolved | CCicalese_WMF | T229501 Add OAuth 2.0 support to MediaWiki for use by web-based clients | |||
Resolved | None | T229505 Admin adds new client | |||
Resolved | None | T229506 Admin removes client | |||
Resolved | None | T229508 User requests login using OAuth 2.0 | |||
Resolved | None | T232634 Manage OAuth 2.0 grants for a user | |||
Resolved | Reedy | T239940 Security review of OAuth 2.0 patches |
Event Timeline
Hi @CCicalese_WMF - can you please let us know if this is the only patch set you'd like us to look at? https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OAuth/+/550847/
Cheers,
Jennifer
The patches that need review are:
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuth/+/543853
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuth/+/544919
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuth/+/545283
- https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuth/+/550847
Thanks!
Hi @CCicalese_WMF - apologies, I'm out of the office. Do you have a date you're aiming for? Let me know and we'll try and get someone on it fairly quickly.
We were hoping to have the patches merged by the end of the calendar year, but I do understand that is a very short turnaround at this point. And, of course, if issues are found that need remediation, that will not be possible. Our assumption has been that, since this is an incremental change to an existing reviewed extension, this should not be a very time-consuming review. But, please let me know if your assessment is different.