Page MenuHomePhabricator

Review security landing page
Closed, ResolvedPublic


This task is part of a project to establish a formal review process and set of standards for Wikimedia technical documentation. For more information, visit the project page on


To do

  • Typos: The page has been reviewed for typos.
  • Inclusive language: The page uses non-gendered language and avoids the terms listed in the [[inclusive language]] guide.
  • Working examples: Commands and examples have been tested or reviewed for accuracy.
    • None included
  • Links: Links on the page work.

Event Timeline

Aklapper triaged this task as Low priority.

Boldly adding Security-Team per my last comment, as I wonder 1) if there is agreement on what I wrote, and 2) if there would be capacity on the Security team to go through the training/tutorial/"Best Practices" pages (in my second sub bullet point under "subpages take") to review and fix things (as I lack knowledge myself).

sbassett added a project: SecTeam-Processed.
sbassett added a subscriber: sbassett.

Hey @Aklapper - this isn't really prioritized work for the Security-Team at the moment, but we'll have a chat about it tomorrow at our appsec team meeting.

Hey @Aklapper - the AppSec folks (@Mstyles, @mmartorana, @Reedy, @sbassett) took a look at this at our team meeting. Some comments follow below:

Yes, this seems appropriate, thanks.

@Reedy just deleted the SDLC page - it was never used by any recent version of the Security-Team AFAIK. The Architecture page seems ok, at a glance. There's still some relevant information there, but like a lot of these sub-pages, it hasn't really been meaningfully updated in several years.

Security_for_developers/Training has now been redirected per the item below.

Security_for_developers/Training is now a #REDIRECT to Security_for_developers/Tutorial.


Whou, thanks a lot! (I didn't expect the team to clean up themselves but only hoped for feedback - highly appreciated!)

Alright, looks like we could start the content review of the actual page already.

Heh, diving deeper, I only now realized that might be a duplicate of that. ^

I think this page can also just be deleted. It serves no purpose for the current Security-Team.

And I wonder if should be linked from anywhere (or maybe just merged into some other page).

mw:Security/Reference/Security_for_libraries is likely superseded by mw:Wikimedia_Security_Team/Third_Party_Code_Review_Checklist, which is what the current Security-Team uses as a baseline for any third party/vendor code. So this can likely become a redirect.

And if should link to

mw:Security/Training should probably just be re-titled as Training_Resources or something along those lines, indicating that's it really just a collection of links and other resources for people interested in security-related training. I don't think it probably belongs on mw:Security_for_developers/Tutorial as that page is more about very specific coding examples and is already fairly lengthy.

(For the records, I also made some followup edits in and )

Looks good, thanks!

Aklapper updated the task description. (Show Details)
Aklapper updated the task description. (Show Details)