Page MenuHomePhabricator
Create Task
Maniphest T255077

Add owner_account and change admins to admin_accounts in config
Closed, InvalidPublic
Actions

Description

Nick based access lists are generally not very secure, this would allow us to use nickserv account based access lists.

Details

Author Affiliation
Other (Please specify in description)

Event Timeline

MacFan4000 created this task.Jun 10 2020, 9:34 PM
Restricted Application added a project: User-MacFan4000. · View Herald TranscriptJun 10 2020, 9:34 PM
Restricted Application added subscribers: RhinosF1, Zppix, Aklapper. · View Herald Transcript
MacFan4000 claimed this task.Jun 10 2020, 9:52 PM
MacFan4000 set Security to Software security bug.Jun 10 2020, 9:57 PM
MacFan4000 added projects: Security, Security-Team.
MacFan4000 changed the visibility from "Public (No Login Required)" to "Custom Policy".
MacFan4000 changed the subtype of this task from "Task" to "Security Issue".

security task

MacFan4000 added subscribers: Examknow, TheVoidwalker, Reception123.Jun 10 2020, 9:58 PM
RhinosF1 added a comment.Jun 10 2020, 9:58 PM
In T255077#6212993, @MacFan4000 wrote:

security task

Raging troll who loves to impersonate people, this needs to be private to not give them ideas :)

MacFan4000 removed a project: Security-Team.Jun 10 2020, 9:58 PM
RhinosF1 triaged this task as High priority.Jun 10 2020, 9:59 PM
RhinosF1 changed Author Affiliation from N/A to Other (Please specify in description).
MacFan4000 closed this task as Resolved.Jun 10 2020, 10:14 PM
MacFan4000 raised the priority of this task from High to Unbreak Now!.
RhinosF1 reopened this task as Open.Jun 10 2020, 10:15 PM

Still not done, see -logs and fix the fall out.

I'd also like to leave a reminder to write docs on deploying security bugs.

RhinosF1 lowered the priority of this task from Unbreak Now! to High.Jun 10 2020, 10:18 PM

Not UBN anymore

RhinosF1 added a project: Documentation.Jun 10 2020, 10:21 PM

Issue resolved but leaving open for doc writing, can be made public

MacFan4000 changed the subtype of this task from "Security Issue" to "Task".Jun 10 2020, 11:43 PM
sbassett added a project: Security-Team.Jun 11 2020, 4:49 PM
sbassett subscribed.
In T255077#6213065, @RhinosF1 wrote:

Issue resolved but leaving open for doc writing, can be made public

I'll tag Security-Team for the public part.

sbassett lowered the priority of this task from High to Medium.Jun 17 2020, 3:37 PM
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett removed a project: Security-Team.
MacFan4000 added a comment.Jun 26 2020, 2:32 PM

What needs to be documented here?

RhinosF1 added a comment.Jun 26 2020, 2:33 PM
In T255077#6260186, @MacFan4000 wrote:

What needs to be documented here?

Deploying of Security issues

MacFan4000 removed MacFan4000 as the assignee of this task.Jun 26 2020, 2:38 PM
sbassett added a comment.Jun 26 2020, 4:04 PM
In T255077#6260188, @RhinosF1 wrote:
In T255077#6260186, @MacFan4000 wrote:

What needs to be documented here?

Deploying of Security issues

Just FYI - this is the current documentation for Wikimedia production: https://wikitech.wikimedia.org/wiki/How_to_deploy_code#Security_patches. I'd guess most of that could be borrowed as a template of sorts to create the documentation for ZppixBot.

RhinosF1 added a comment.Jun 26 2020, 4:06 PM

Thanks @sbassett

RhinosF1 closed this task as Invalid.Jul 1 2020, 12:53 PM

This task can now be found at https://bots-phab.miraheze.wiki/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL