Basic Information Section
Brief description
Apparently, there is currently no (working) mechanism to inform maintainers of extensions regarding security issues, such that they are unable to give input and the issues are left dangling at the security team. This is particularly problematic for non-WMF-deployed extensions.
In particular, this has been the case for me at T287347. While this was not too much of a problem in that particular case, I think this should be considered for future reports.
As far as I see, composing and utilizing appropriate policies is the role of the security team.
Do you have a project/product/program plan or documentation?
Primary Contacts
What Security Team services do you anticipate needing?
There should be a policy review regarding this point.
What is the 'go live' date for deployment of this project?
not applicable
Privacy Information Section
Will any sensitive data be collected, stored or exposed?
None.
Technical Information Section
Do related discussions exist in Phab, on wiki, or in an RFC?
- This point was raised in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Loops/+/708415 .