
Security review of OAuth 2.0 patches
Closed, Resolved · Public

Description

The patches resulting from T229501 and its subtasks could benefit from a security review before merge.

Event Timeline

Restricted Application added a subscriber: Aklapper. Dec 5 2019, 6:24 PM
Jcross added a subscriber: Jcross. Dec 9 2019, 4:28 PM

Hi @CCicalese_WMF - can you please let us know if this is the only patch set you'd like us to look at? https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OAuth/+/550847/

Cheers,

Jennifer

Anomie added a subscriber: Anomie. Dec 11 2019, 3:36 PM

@Jcross, do you have an estimate of when this will be able to be scheduled and how long it might take? @Anomie has already reviewed the patches as well, so we're hoping this will not need to be an intensive or time-consuming review.

Hi @CCicalese_WMF - apologies, I'm out of the office. Do you have a date you're aiming for? Let me know and we'll try and get someone on it fairly quickly.

We were hoping to have the patches merged by the end of the calendar year, but I do understand that is a very short turnaround at this point. And, of course, if issues are found that need remediation, that will not be possible. Our assumption has been that, since this is an incremental change to an existing reviewed extension, this should not be a very time-consuming review. But, please let me know if your assessment is different.

sbassett assigned this task to Reedy. Dec 16 2019, 4:23 PM
sbassett moved this task from Incoming to In Progress on the deprecated-security-team-reviews board.
Reedy closed this task as Resolved. Jan 13 2020, 4:19 PM

Sorted. Patches shepherded and merged!

chasemp moved this task from Incoming to Our Part Is Done on the secscrum board. Tue, Mar 10, 8:19 PM