Page MenuHomePhabricator

Set Security Issue Task Type as default for Security reporting
Closed, ResolvedPublic

Description

This takes the type created in T204160: Create a security issue task type with additional attributes and makes it the default reporting mechanism.
Tasks created as this type can be searched by task type

This all relates to the reworking of the Security-Team triage process for which we have created a dashboard. That dashboard is also the default view for our portal.


Security Subtask Type: Creating and Editing (from workflow documentation)

  • A basic reporting form that has bare needed fields should be available for all users
  • A basic+ editing form should be available which allow adding context to the basic reporting. I.E. editing fields not shown on the basic creation form. The basic+ editing form can also be used for creation but isn't marked as a default creation form.
  • Adding a subscriber (CC) allows access, including editing of the task, but CC users cannot change the task ACLs if they are not a member of Security
  • An advanced reporting and editing form should be available to members of Security
  • An additional advanced reporting and editing form should be available to members of #acl*security-team which allow editing speciality fields used for team reporting purposes (summary, impact), that require prior knowledge to determine or are representative of formulaic output (risk rating). These field values show up on the task when present for all viewers.

Event Timeline

chasemp created this task.Dec 12 2019, 6:57 PM
chasemp triaged this task as Medium priority.Dec 12 2019, 7:01 PM
chasemp updated the task description. (Show Details)
chasemp added a subscriber: mmodell.
chasemp updated the task description. (Show Details)Dec 12 2019, 7:06 PM
chasemp updated the task description. (Show Details)Dec 12 2019, 7:25 PM

I believe that we could just update form 2 to use the new type.

I'm a bit confused here. The task both says "includes updating the link from form 2 to form 75" and "Update form 2 to say legacy and link to form 48"?

chasemp moved this task from Incoming to Waiting on the Security-Team board.Dec 16 2019, 5:14 PM
mmodell updated the task description. (Show Details)Dec 19 2019, 2:20 AM

Testing in T242365 for this and as part of that I'm going to make @Phabtest2 a member of Security briefly to ensure proper operation.

Mentioned in SAL (#wikimedia-operations) [2020-01-09T20:32:01Z] <chasemp> add phabtest2 to Security temp to ensure reporting settings (T240605)

chasemp claimed this task.Jan 9 2020, 8:53 PM
chasemp moved this task from Waiting to In Progress on the Security-Team board.
chasemp edited projects, added Documentation; removed User-chasemp.Jan 13 2020, 6:54 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)Jan 13 2020, 7:01 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)Jan 13 2020, 7:06 PM
chasemp updated the task description. (Show Details)Jan 13 2020, 7:30 PM

fyi @mmodell and @Aklapper I pulled some triggers here. I've did bunches of testing but you two are the most likely to hear if something is whacky.

chasemp updated the task description. (Show Details)Jan 17 2020, 5:08 PM
chasemp closed this task as Resolved.Jan 21 2020, 8:59 PM
chasemp updated the task description. (Show Details)
chasemp moved this task from In Progress to Our Part Is Done on the Security-Team board.

related to T242018: Make ‘Protect as security issue’ add project #security-team but not dependent on. So far no more stragglers so I'm resolving.