Page MenuHomePhabricator
Create Task
Maniphest T241079

Security Issue Access Request for Pchelolo
Closed, ResolvedPublic
Actions

Description

Phabricator Username: Pchelolo

Reasons For Request: I'm a WMF employee and this somehow has never been done.

Event Timeline

Pchelolo created this task.Dec 18 2019, 6:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 18 2019, 6:03 PM
Aklapper added a comment.Dec 18 2019, 6:07 PM

See https://www.mediawiki.org/wiki/Security/SOP/Access_to_Phabricator_Security_Issues for requirements.

Not sure how much Security Team will insist on linking your Phab account to PPchelko_(WMF) instead of current Pchelolo, but in any case you will have to enable 2FA for @Pchelolo - see https://www.mediawiki.org/wiki/Phabricator/Help#Multi-factor_authentication

WDoranWMF added a comment.Dec 18 2019, 6:08 PM

I'm Petr's manager on the Core Platform Team, as part of his work diagnosing and repairing issues on services infrastructure Petr will need to be able to access private security bugs.

Pchelolo added a comment.Dec 18 2019, 6:15 PM

in any case you will have to enable 2FA for @Pchelolo

Done.

Pchelolo added a comment.Dec 18 2019, 6:15 PM

I would very much prefer to stick with @Pchelolo if that's possible.

Urbanecm added a project: Security-Team.Dec 21 2019, 7:54 PM
chasemp subscribed.Dec 23 2019, 5:06 PM
In T241079#5751988, @Aklapper wrote:

See https://www.mediawiki.org/wiki/Security/SOP/Access_to_Phabricator_Security_Issues for requirements.

Not sure how much Security Team will insist on linking your Phab account to PPchelko_(WMF) instead of current Pchelolo, but in any case you will have to enable 2FA for @Pchelolo - see https://www.mediawiki.org/wiki/Phabricator/Help#Multi-factor_authentication

If access is being requested as part of work as staff then the staff account associated is expected. I can talk to the team about when to make exceptions but it's not without reason in that (WMF) accounts are restricted and verify to some extent identity. Also, if this request was from a communities standpoint it would require a sponsor and reasoning outside of the scope of employment for WMF as that would not be in play for reasoning.

chasemp triaged this task as Medium priority.Dec 23 2019, 5:07 PM
chasemp moved this task from Incoming to In Progress on the Security-Team board.
chasemp added a comment.EditedDec 23 2019, 5:11 PM

Clarifying note: we are talking about the WMF on-wiki account linked to your phab profile. The phab username has no enforced conventions. Some use WMF in the name and some do not. While we would probably deny non-WMF folks having WMF in their name on phab for sanity reasons there isn't any policy or expectation other than that. Just wanted to be clear.

chasemp added a comment.Jan 2 2020, 8:41 PM
In T241079#5760862, @chasemp wrote:
In T241079#5751988, @Aklapper wrote:

See https://www.mediawiki.org/wiki/Security/SOP/Access_to_Phabricator_Security_Issues for requirements.

Not sure how much Security Team will insist on linking your Phab account to PPchelko_(WMF) instead of current Pchelolo, but in any case you will have to enable 2FA for @Pchelolo - see https://www.mediawiki.org/wiki/Phabricator/Help#Multi-factor_authentication

If access is being requested as part of work as staff then the staff account associated is expected. I can talk to the team about when to make exceptions but it's not without reason in that (WMF) accounts are restricted and verify to some extent identity. Also, if this request was from a communities standpoint it would require a sponsor and reasoning outside of the scope of employment for WMF as that would not be in play for reasoning.

poke

chasemp moved this task from In Progress to Waiting on the Security-Team board.Jan 2 2020, 8:42 PM
Pchelolo added a comment.Jan 2 2020, 8:55 PM

I've relinked my Phabricator account (@Pchelolo) to WMF account on mediawiki.org User:PPchelko (WMF) - would that be enough?

chasemp closed this task as Resolved.Jan 2 2020, 9:26 PM
chasemp claimed this task.
In T241079#5772203, @Pchelolo wrote:

I've relinked my Phabricator account (@Pchelolo) to WMF account on mediawiki.org User:PPchelko (WMF) - would that be enough?

you got it. I see MFA and manager approval here already for an active WMF employee. I can see the need from your role clearly. So I'll go ahead and get this done.

chasemp moved this task from Waiting to Our Part Is Done on the Security-Team board.Jan 2 2020, 9:32 PM
chasemp added a project: Security.Feb 10 2020, 10:56 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL