Page MenuHomePhabricator

Security Readiness Review For ChessBrowser extension
Open, Needs TriagePublic

Description

NOTE: The Security-Team will strive to set an Estimated Start date after submission

Project Information

Description of the tool/project: ChessBrowser is an extension which takes Portable Game Notation and produces an interactive user interface for viewing and navigating the chess game.

Description of how the tool will be used at WMF: The extension would primarily be used on Wikipedias to enhance encyclopedic coverage of chess games such as the Opera Game and the Evergreen Game. The Hebrew and Russian Wikipedias have a javascript gadget for this purpose, but the English Wikipedia has not done so for performance reasons. Despite this, multiple discussions on the English Wikipedia have shown a desire for a way to interactively view chess games (most recent discussion, 2016 discussion, village pump archive search).

Dependencies
None

Has this project been reviewed before?
No

Working test environment
I have a test environment set up using mediawiki vagrant. Taking any PGN and placing it between <pgn></pgn> tags will invoke the extension and allow testing. A good test example would be copying https://www.mediawiki.org/wiki/Extension:ChessBrowser/Test_games, which includes multiple games with different special behaviours.

Post-deployment
Wugapodes and DannyS712 will be primarily responsible for the code. Kipod has also contributed to the code base and may be interested in post deployment support.

Event Timeline

Wugapodes created this task.Feb 2 2020, 1:15 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 2 2020, 1:15 AM
Jcross triaged this task as Low priority.Feb 6 2020, 6:05 PM
Jcross lowered the priority of this task from Low to Lowest.
Jcross moved this task from Incoming to Back Orders on the Security Readiness Reviews board.
Jcross added a subscriber: Jcross.Feb 6 2020, 6:13 PM

@Wugapodes - thanks for submitting this review. Is the goal in working upon and reviewing this extension to eventually get it into WMF production? If so, does it have any sponsoring WMF team or collective of individuals within Tech or Product? if there isn't a WMF sponsor and target deployment date, the Security-Team will have to triage this task as a lower priority for now. Thank you!

Wugapodes added a comment.EditedFeb 6 2020, 6:20 PM

@Jcross Thanks for the triage. That is the goal, yes, however no WMF team is sponsoring this project yet so T244075 has been stalled. You should probably triage this task as lowest priority or stall it (depending on your workflow) until I can talk more with WMF stakeholders. Thanks!

Aklapper changed the visibility from "All Users" to "Public (No Login Required)".Feb 6 2020, 6:21 PM
DannyS712 raised the priority of this task from Lowest to Needs Triage.Sun, Mar 8, 10:45 AM

@Wugapodes - thanks for submitting this review. Is the goal in working upon and reviewing this extension to eventually get it into WMF production? If so, does it have any sponsoring WMF team or collective of individuals within Tech or Product? if there isn't a WMF sponsor and target deployment date, the Security-Team will have to triage this task as a lower priority for now. Thank you!

Hey there.
Which member of Wikimedia staff is sponsoring this work?

Wugapodes reached out to me, and I discussed with this with other members of Community Tech. I think we'd like to help! I'm not sure what all you need from us, but we can commit some time to code review and assisting with deployment.

Requesting retriage per commitment from community tech

DannyS712 updated the task description. (Show Details)Sun, Mar 8, 10:46 AM
chasemp moved this task from Incoming to Watching on the secscrum board.Tue, Mar 10, 8:13 PM
DannyS712 updated the task description. (Show Details)Sun, Mar 22, 10:01 PM
DannyS712 added a subscriber: chasemp.

@chasemp this was moved to "Watching" on secscrum - who should be contacted to conduct the review? Security Readiness Reviews says that "Workboard is tracked at secscrum."

@DannyS712 - per our SOP under Submission and Timelines, we'll still need some additional information before we can re-triage and schedule this review, namely the target date for deployment (Community-Tech as the deployment sponsors will need to confirm this) and a branch and commit sha signifying the development stopping point for the review, as we cannot review a moving target. If that's just 3515ac6, that's fine - please feel free to add it to the task description.