Page MenuHomePhabricator

Set Security Issue Task Type as default for Security reporting
Closed, ResolvedPublic


This takes the type created in T204160: Create a security issue task type with additional attributes and makes it the default reporting mechanism.
Tasks created as this type can be searched by task type

This all relates to the reworking of the Security-Team triage process for which we have created a dashboard. That dashboard is also the default view for our portal.

Security Subtask Type: Creating and Editing (from workflow documentation)

  • A basic reporting form that has bare needed fields should be available for all users
  • A basic+ editing form should be available which allow adding context to the basic reporting. I.E. editing fields not shown on the basic creation form. The basic+ editing form can also be used for creation but isn't marked as a default creation form.
  • Adding a subscriber (CC) allows access, including editing of the task, but CC users cannot change the task ACLs if they are not a member of Security
  • An advanced reporting and editing form should be available to members of Security
  • An additional advanced reporting and editing form should be available to members of #acl*security-team which allow editing speciality fields used for team reporting purposes (summary, impact), that require prior knowledge to determine or are representative of formulaic output (risk rating). These field values show up on the task when present for all viewers.

Event Timeline

chasemp updated the task description. (Show Details)
chasemp added a subscriber: mmodell.

I believe that we could just update form 2 to use the new type.

I'm a bit confused here. The task both says "includes updating the link from form 2 to form 75" and "Update form 2 to say legacy and link to form 48"?

Testing in T242365 for this and as part of that I'm going to make @Phabtest2 a member of Security briefly to ensure proper operation.

Mentioned in SAL (#wikimedia-operations) [2020-01-09T20:32:01Z] <chasemp> add phabtest2 to Security temp to ensure reporting settings (T240605)

fyi @mmodell and @Aklapper I pulled some triggers here. I've did bunches of testing but you two are the most likely to hear if something is whacky.

chasemp updated the task description. (Show Details)
chasemp moved this task from In Progress to Our Part Is Done on the Security-Team board.

related to T242018: Make ‘Protect as security issue’ add project #security-team but not dependent on. So far no more stragglers so I'm resolving.