This takes the type created in T204160: Create a security issue task type with additional attributes and makes it the default reporting mechanism.
Tasks created as this type can be searched by task type.
This all relates to the reworking of the Security-Team triage process for which we have created a dashboard. That dashboard is also the default view for our portal.
Security Subtask Type: Creating and Editing (from workflow documentation)
- A basic reporting form that has only the bare needed fields should be available for all users
- A basic+ editing form should be available which allows adding context to the basic reporting, i.e. editing fields not shown on the basic creation form. The basic+ editing form can also be used for creation but isn't marked as a default creation form.
- Adding a subscriber (CC) allows access, including editing of the task, but CC users cannot change the task ACLs if they are not a member of Security
- An advanced reporting and editing form should be available to members of Security
- An additional advanced reporting and editing form should be available to members of #acl*security-team which allows editing specialty fields used for team reporting purposes (summary, impact) that require prior knowledge to determine or are representative of formulaic output (risk rating). When present, these field values show up on the task for all viewers.
- Create basic reporting form for subtype
- Create basic editing form for all users
- Create #security members advanced creation/edit form (includes ability to create ad hoc ACLs)
- Create #security-team advanced editing form (allows editing the risk rating score)
- Replace the boilerplate (Experimental) annotations
- Set new basic creation form as default portal drop-down option
- Update reporting security issue form link on https://www.mediawiki.org/wiki/Reporting_security_bugs
- Unmark form 2 as default creation form
- Set legacy form as deprecated
- Reorder creation forms to reflect new legacy status, etc.
- T240493: Make ‘Protect as security issue’ set priority as ‘Needs Triage’
- T240493
- Run down straggler references (a prior documentation deduplication and consolidation project seems to have pointed everything to our process, so hopefully few if any) (T243028)