Page MenuHomePhabricator
Create Task
Maniphest T244165

Convert #Security to acl*Security
Closed, ResolvedPublic
Actions

Description

Note: for historical task protection to remain we need to usurp the /existing/ project used as an acl and create a second project for tagging purposes only. This is in the same spirit as T90491. We currently have hundreds of tasks that would be useful for volunteers to follow tagged with Security. Related blog post.

  • Determine #acl*security access subgroups
  • Create first subproject of acl*security_volunteer (this will inherit all users)
  • Create subsequent subprojects and add members as appropriate
  • Create a new security project for tagging only (security-related)
  • Add security-related to all existing tasks tagged with #security
  • add a herald rule to add #security-related to all tasks if tagged with #acl*security (H353)
  • Add all members of original security project to transitional security-related
    • security-related still needs to be protected until the protect as security issue is changed
  • update security forms to add Security
  • rename #security to #acl*security (remove security alias)
  • rename security-related to security
  • T245201. Update protect as security issue to use acl*security (since this is by name and not phid)
  • remove #acl*security from all tasks as a tag
  • fix herald rule H353 (T245773)
  • convert Security to an open group
  • email to wikitech-l as an FYI

Related Objects
Search...

Event Timeline

chasemp created this task.Feb 3 2020, 7:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 3 2020, 7:46 PM
chasemp updated the task description. (Show Details)Feb 3 2020, 7:46 PM
chasemp triaged this task as Medium priority.Feb 3 2020, 7:49 PM

Current members:

chasemp (Chase)
security
Anomie (Brad Jorsch)
Senior Software Engineer, WMF
bd808 (Bryan Davis)
Principal Software Engineer, Technical Engagement
demon (Chad Horohoe)
That old guy who says get off my lawn
Deskana (Dan Garry)
dr0ptp4kt (Adam Baso)
Engineering Director Wikimedia Foundation (Reading)
faidon (Faidon Liambotis)
SRE
greg (Greg Grossmeier)
Director of Engineering Productivity
hoo (Marius Hoch)
Jalexander (James Alexander)
Jdforrester-WMF (James D. Forrester)
Software Engineer
Krinkle (Timo Tijhof)
Principal Engineer (Performance)
matmarex (Bartosz Dziewoński)
Software Engineer
MaxSem (Max Semenik)
Reedy (Sam Reed)
Breaker of Wikis
mmodell (Mukunda Modell)
Release Engineer, Phabricator Admin
aaron (Aaron Schulz)
Legoktm (Legoktm)
ori (Ori Livneh)
Senior Grepper
Catrope (Roan Kattouw)
Growth team lead
tstarling (Tim Starling)
fgiunchedi (Filippo Giunchedi)
/* No comment */
BBlack (Brandon Black)
Engineering Manager, SRE Traffic Team
Joe (Giuseppe Lavagetto)
Spy
mark (Mark Bergsma)
Lead Operations Architect & Director of Technical Operations
RobH (Rob Halsell)
Operations Engineer
Jgreen (Jeff Green)
MoritzMuehlenhoff (Moritz Mühlenhoff)
Andrew (Andrew Bogott)
jcrespo (Jaime Crespo)
Sr Database Administrator
Gilles (Gilles Dubuc)
Senior Performance Engineer, WMF
Aklapper (Andre Klapper (WMF))
Developer Advocate | Boogwrangler
thcipriani (Tyler Cipriani)
¯\_(ツ)_/¯
akosiaris (Alexandros Kosiaris)
Senior Site Reliability Engineer
EBernhardson (EBernhardson)
Platonides (platonides)
Grunny (Grunny)
dduvall (Dan Duvall)
Automation Engineer
ArielGlenn (ariel)
Gehel (Guillaume Lederrey)
Operations Engineer - Discovery
jrbs (Joe Sutherland)
Trust and Safety Specialist
hashar (Antoine "hashar" Musso)
kaldari (Ryan Kaldari)
Marostegui (Manuel Aróstegui)
Volans (Riccardo Coccioli)
SRE
mobrovac (Marko Obrovac)
Spy
elukey (Luca Toscano)
ema (Emanuele Rocca)
Senior Site Reliability Engineer, Traffic Team
Ejegg (Elliott Eggleston)
Nikerabbit (Niklas Laxström)
Senior Software Engineer, Language team · i18n and translation expert
Jrbranaa (Jean-Rene Branaa)
Technical Program Manager - Quality
ayounsi (Arzhel Younsi)
Network Engineer
Matanya (matanya)
Volunteer
APalmer_WMF (Aeryn Palmer)
Legal Counsel at Wikimedia Foundation
dbarratt (David Barratt)
Software Engineer, Anti-Harassment Tools
herron (Keith Herron)
Ops Engineer
Halfak (Aaron Halfaker, EpochFail, halfak)
Principal Research Scientist
Kbrown (Karen Brown)
Niharika (Niharika)
Product Manager, Community Tech team
Samwilson (Sam Wilson)
Software Engineer (Community Tech) & volunteer
MusikAnimal
Senior Problem Maker
EBjune (Erika Bjune)
Acting Chief Technology Officer and Director of Engineering, FR Tech
aborrero (arturo)
Operations Engineer at Wikimedia Cloud Services Team
Addshore (Adam_WMDE)
Community & WMDE Developer (Wikidata Tech Lead 🐢)
JBennett (John Bennett)
Vgutierrez (Valentín Gutiérrez)
Traffic Security Engineer
Bstorm (Brooke)
Ops Witch -- Wikimedia Cloud Services Team
Ladsgroup (Amir Sarabadani (WMDE))
Shah of Bugs
zeljkofilipin (Željko Filipin)
Software Engineer (International contractor)
sbassett (Scott Bassett)
Application Security Engineer
Quiddity (Nick Wilson)
Documentation Specialist and endlessly curious volunteer
security_team_bot (secbot)
Bot for the Security Team
LarsWirzenius (Lars Wirzenius)
Mooeypoo (Moriel Schottlender)
Tech Lead, CommTech and Anti Harassment Team
MBinder_WMF (Max Binder)
Team Effectiveness Coach, Wikimedia Foundation (Audiences)
CCicalese_WMF (Cindy Cicalese)
Ottomata (Andrew Otto)
JanWMF (Jan Eissfeldt)
Thargrovewmf (ty)
Kalliope (Kalliope_WMF)
SPoore (Sydney Poore)
Wikimedia Foundation, Community health strategist
sguebo_WMF (Samuel Guebo)
CSteigenberger (Christel Steigenberger)
Mdennis-WMF (Maggie Dennis)
PEarleyWMF (Patrick Earley)
jijiki (effie mouzeli)
is an animal
jeena (Jeena Huneidi)
CDanis (Chris Danis)
SRE @ WMF
jbond (John Bond)
Daimona
Musician
Dsharpe (Dsharpe)
Bsadowski1 (Bsadowski1)
HakanIST (Hakan)
Volunteer
MarcoAurelio
Chief Mouser to the Wikimedia Phabricator (also Wikimedia Steward)
Matiia
Melos (Melos)
Pmlineditor
QuiteUnusual
Ruslik0 (Ruslan)
Steward
Rxy (rxy)
Wikimedia Steward
Samtar
Animal
Shanmugamp7 (Shanmugam)
Sjoerddebruin (Sjoerd de Bruin)
sysop: nlwiki, Wikidata | oversighter: Wikidata | Wikimedia Steward
Stryn (Stryn)
admin on Wikidata, Meta-Wiki and Finnish Wikipedia | Wikimedia steward
Teles (Teles)
Trijnstel (Trijnstel)
alanajjar (علاء)
Alaa
revi (revi)
Chief Laziness Officer
brennen (Brennen Bearnes)
Wim_b (Wim b)
Animal
Base (Bohdan Melnychuk)
daniel (Daniel Kinzler)
kchapman (Kate Chapman)
kolbert (kolbert)
Schniggendiller
JAufrecht (Joel Aufrecht)
marcella (Marcella)
aezell (Alex Ezell)
Engineering Manager (WMF)
JFishback_WMF (James)
WDoranWMF (Will Doran)
mepps (Maggie Epps)
JHedden (Jason Hedden)
fsero (fsero)
Jcross (Jennifer Cross)
Project Manager
colewhite (cwhite)
Urbanecm
Phamhi (Phamhi)
Operations Engineer at Wikimedia Cloud Services Team
Dwisehaupt (Dallas Wisehaupt)
Tchanders
Dzahn (Daniel Zahn)
Operations Engineer
eprodromou (Evan Prodromou)
Tgr (Gergő Tisza)
Software Engineer, WMF
WMDE-leszek (Leszek Manicki)
Tobi_WMDE_SW (Tobi Gritschacher)
Engineering Manager @ Wikimedia Deutschland
HMonroy
Pchelolo

chasemp added a comment.EditedFeb 3 2020, 8:28 PM

roughly

security-team

  • JFishback_WMF
  • security_team_bot
  • chasemp
  • Reedy
  • sbassett
  • Dsharpe
  • Jcross

trusa

  • PEarleyWMF
  • JanWMF
  • jrbs
  • Kbrown
  • Thargrovewmf
  • Kalliope
  • SPoore
  • sguebo_WMF
  • CSteigenberger

sre

  • JHedden
  • fsero
  • colewhite
  • Phamhi
  • Dwisehaupt
  • Dzahn
  • jbond
  • CDanis
  • Ottomata
  • herron
  • jijiki
  • ema
  • elukey
  • Volans
  • Marostegui
  • Gehel
  • ArielGlenn
  • akosiaris
  • fgiunchedi
  • Joe
  • RobH
  • Jgreen
  • MoritzMuehlenhoff
  • Andrew
  • jcrespo
  • ayounsi
  • aborrero
  • Vgutierrez
  • Bstorm

releng

  • brennen
  • jeena
  • zeljkofilipin
  • Jrbranaa
  • mmodell
  • dduvall
  • hashar
  • LarsWirzenius

dev

  • Tchanders
  • HMonroy
  • daniel
  • Tgr
  • Pchelolo
  • Bsadowski1
  • Mooeypoo
  • Ladsgroup
  • Samwilson
  • MusikAnimal
  • Niharika
  • Halfak
  • Gilles
  • Anomie
  • Jdforrester-WMF
  • Krinkle
  • matmarex
  • MaxSem
  • aaron
  • Legoktm
  • Catrope
  • tstarling
  • EBernhardson
  • Ejegg
  • Nikerabbit
  • dbarratt

manager

  • mepps
  • kchapman
  • marcella
  • aezell
  • WDoranWMF
  • Mdennis-WMF
  • JBennett
  • EBjune
  • thcipriani
  • BBlack
  • faidon
  • bd808
  • dr0ptp4kt
  • greg
  • mark
  • kaldari

Program Manager

  • JAufrecht

product_manager

  • CCicalese_WMF
  • MBinder_WMF
  • eprodromou

documentation

  • Quiddity

bugwrangling

  • Aklapper

steward

  • Schniggendiller
  • kolbert
  • MarcoAurelio
  • hoo
  • Matiia
  • Melos
  • Pmlineditor
  • QuiteUnusual
  • Ruslik0
  • Rxy
  • Samtar
  • Shanmugamp7
  • Sjoerddebruin
  • Stryn
  • Teles
  • Trijnstel
  • alanajjar
  • revi

volunteer

  • Base
  • Urbanecm
  • HakanIST
  • demon
  • Deskana
  • Jalexander
  • ori
  • Platonides
  • Grunny
  • mobrovac
  • Matanya
  • Daimona
  • Wim_b

legal

  • APalmer_WMF

wmde

  • Addshore
  • Tobi_WMDE_SW
  • WMDE-leszek
chasemp updated the task description. (Show Details)Feb 3 2020, 8:33 PM
sbassett subscribed.Feb 3 2020, 8:37 PM
In T244165#5845944, @chasemp wrote:

volunteer

  • Tchanders

I believe they are wmf, see: https://www.mediawiki.org/wiki/Anti-Harassment_Tools and T231608#5455253.

chasemp added a project: Phabricator.Feb 3 2020, 10:30 PM
Peachey88 subscribed.Feb 4 2020, 10:23 AM
chasemp added a comment.Feb 4 2020, 4:57 PM
In T244165#5845967, @sbassett wrote:
In T244165#5845944, @chasemp wrote:

volunteer

  • Tchanders

I believe they are wmf, see: https://www.mediawiki.org/wiki/Anti-Harassment_Tools and T231608#5455253.

thanks, updated

revi subscribed.Feb 5 2020, 1:16 PM

Base, HakanIST, Matanya, Wim_b are stew.

chasemp moved this task from Incoming to In Progress on the Security-Team board.Feb 10 2020, 3:18 PM
chasemp mentioned this in test-members-move-to-subproject.Feb 10 2020, 10:01 PM
chasemp mentioned this in test-members-move-to-subproject-initial.
chasemp mentioned this in acl*security_volunteer.Feb 10 2020, 10:07 PM
chasemp mentioned this in acl*security_secteam.
chasemp mentioned this in acl*security_trusa.Feb 10 2020, 10:11 PM
chasemp mentioned this in acl*security_sre.Feb 10 2020, 10:13 PM
chasemp mentioned this in acl*security_releng.Feb 10 2020, 10:16 PM
chasemp mentioned this in acl*security_developer.Feb 10 2020, 10:19 PM
chasemp mentioned this in acl*security_management.
chasemp mentioned this in acl*security_steward.Feb 10 2020, 10:27 PM
chasemp mentioned this in acl*security.Feb 10 2020, 10:31 PM
chasemp renamed this task from Convert #Security to acl*Security_Task_Access to Convert #Security to acl*Security.Feb 10 2020, 10:43 PM
chasemp updated the task description. (Show Details)Feb 10 2020, 10:47 PM
chasemp mentioned this in Security.
chasemp updated the task description. (Show Details)Feb 10 2020, 10:54 PM
chasemp added a project: Security.Feb 10 2020, 10:56 PM
chasemp updated the task description. (Show Details)Feb 10 2020, 11:02 PM
chasemp updated the task description. (Show Details)Feb 10 2020, 11:05 PM
chasemp updated the task description. (Show Details)
chasemp added a comment.Feb 10 2020, 11:12 PM
In T244165#5851979, @revi wrote:

Base, HakanIST, Matanya, Wim_b are stew.

thanks!

DannyS712 updated the task description. (Show Details)Feb 10 2020, 11:41 PM
chasemp updated the task description. (Show Details)Feb 13 2020, 8:29 PM
chasemp updated the task description. (Show Details)Feb 13 2020, 8:31 PM
chasemp updated the task description. (Show Details)Feb 13 2020, 8:38 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)Feb 13 2020, 8:44 PM
Bugreporter subscribed.Feb 13 2020, 10:53 PM

acl*security_steward

We already have acl*stewards. Is it nececessary to make a second group? (per T131766, T163260 and T217361 stewards may often require accessing security issues)

revi added a comment.Feb 13 2020, 10:56 PM
In T244165#5883579, @Bugreporter wrote:

acl*security_steward

We already have acl*stewards. Is it nececessary to make a second group? (per T131766, T163260 and T217361 stewards may often require accessing security issues)

For some reasons acl*stewards act as canonical list of stewards on phab, and acl*security_stewards group for phab is subset of acl*stew.

Bugreporter added a comment.Feb 13 2020, 11:02 PM

So, is it really required for all stewards to have access to security issue?

(If yes, the group is redundant. If no, please explain T217361.)

Or acl*security_stewards will means stewards with no other ways accessing security tasks (but this means managing members of this group will not be easier than managing acl*stewards.)

revi added a comment.Feb 13 2020, 11:08 PM
In T244165#5883590, @Bugreporter wrote:

Or acl*security_stewards will means stewards with no other ways accessing security tasks (but this means managing members of this group will not be easier than managing acl*stewards.)

More of this. As I said earlier, (while you might be able to guess the differences between acl_security-stew and acl_stew), I am not going to tell you what is the difference in public.

List of stewards generally changes once a year (when SE concludes) and sporadic resignations can be handled as needed. And for now we can simply remove people from the group without WMF security input, but it's not that hard to request it to be done.

chasemp updated the task description. (Show Details)Feb 20 2020, 7:27 PM
chasemp updated the task description. (Show Details)Feb 20 2020, 7:31 PM
chasemp updated the task description. (Show Details)Feb 20 2020, 7:34 PM
Stashbot added a comment.Feb 20 2020, 7:51 PM

Mentioned in SAL (#wikimedia-operations) [2020-02-20T19:51:10Z] <twentyafterfour> deploying phabricator hotfix: https://phabricator.wikimedia.org/rPHEX2f36eee7ce67eb0c09e9bb0e79b42fc3b41d3597 for T244165

chasemp removed a project: acl*security.Feb 20 2020, 8:06 PM
chasemp closed subtask T245201: Update protect as security issue to use acl*security as Resolved.Feb 20 2020, 8:07 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)Feb 20 2020, 8:20 PM
chasemp updated the task description. (Show Details)Feb 20 2020, 8:24 PM
chasemp updated the task description. (Show Details)
chasemp updated the task description. (Show Details)Feb 20 2020, 8:29 PM
chasemp updated the task description. (Show Details)Feb 20 2020, 8:38 PM
chasemp closed this task as Resolved.Feb 20 2020, 8:45 PM
chasemp updated the task description. (Show Details)
Aklapper added a comment.Feb 21 2020, 10:44 AM

@chasemp: Well done, my props.

FYI, I also tweaked the "Restricting access to tasks" docs a bit, to hopefully have less to-be-restricted tasks mis-protected as Security items in the long run.

chasemp added a comment.Feb 21 2020, 4:26 PM
In T244165#5906409, @Aklapper wrote:

@chasemp: Well done, my props.

FYI, I also tweaked the "Restricting access to tasks" docs a bit, to hopefully have less to-be-restricted tasks mis-protected as Security items in the long run.

Cheers. I learned everything I know from you @Aklapper.

DannyS712 subscribed.Mar 15 2020, 2:43 AM

@chasemp on the assumption that they were no longer needed, I've archived test-members-move-to-subproject and test-members-move-to-subproject-initial Please let me know if they were meant to be kept

Aklapper mentioned this in T289001: Rename H310 "OTRS" -> "Znuny".Aug 16 2021, 8:53 PM
Zabe subscribed.Apr 12 2022, 7:04 PM

I think Bsadowski1 should be in acl*security_steward and not in acl*security_developer.

sbassett added a comment.Apr 12 2022, 8:04 PM
In T244165#7849228, @Zabe wrote:

I think Bsadowski1 should be in acl*security_steward and not in acl*security_developer.

Verified via https://meta.wikimedia.org/wiki/Stewards and done.

Aklapper mentioned this in T311721: Onboard Cleo to Security Team.Jul 12 2022, 3:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL