
Decommission #wikimedia-security IRC channel
Open, Stalled, Low, Public

Description

I propose (with the Security-Team's support) that we decommission the #wikimedia-security IRC channel on Libera.Chat for the following reasons:

  1. It receives very little traffic, mostly in the form of links to random security articles or off-topic grousing.
  2. It never ended up replacing or providing a meaningful alternative to the long-extant #mediawiki_security channel.
  3. There are still plenty of ways to contact security team folks on IRC - @Reedy and I are on there fairly regularly, including in the aforementioned #mediawiki_security channel.
  4. There are plenty of other ways to contact members of the security team, including our various WMF Slack channels (notably #talk-to-security) and various email addresses: security@, security-team@ and security-help@. Reedy and I have pubkeys as well.

Event Timeline

sbassett renamed this task from Decomission #wikimedia-security IRC channel to Decommission #wikimedia-security IRC channel. Mar 31 2023, 8:02 PM
sbassett updated the task description.

I think this makes sense, but at the same time I think the list in the task description illustrates there is no real forum for discussing MediaWiki security issues outside of, well, Phabricator tasks, which doesn't really scale for broader things and IMO tends to get lost in all the other bugmail (might be just me!).

We used to have a mediawiki-security discussion mailing list that csteipp briefly used, maybe we can consider bringing it back?

No opinion. It is true that the channel does not have much activity, especially since _security seems to be used one. However if the -security one gets closed, I'd like to request that I be allowed into _security one so I can keep reporting security issues or incidents if possible. Thanks.

Ok, sounds like we have some mild consensus so far, at least. I'm fine leaving this open for another week or so and will then likely decom the channel. @Legoktm - I'm fine setting up a new security discussion list. I imagine that'd also be low-traffic but it's also low-cost to establish.

sbassett changed the task status from Open to In Progress. Apr 3 2023, 4:20 PM
sbassett claimed this task.
sbassett triaged this task as Low priority.
sbassett added a project: user-sbassett.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett moved this task from Backlog to In Progress on the user-sbassett board.

No opinion. It is true that the channel does not have much activity, especially since _security seems to be used one. However if the -security one gets closed, I'd like to request that I be allowed into _security one so I can keep reporting security issues or incidents if possible. Thanks.

I agree (also see what I mentioned in -security itself). We've some security team members in the internal steward coordination channel (do we want to add others?), so perhaps this is not an issue for stewards, but maybe similar "where to coordinate with secteam" questions exist for other secteam partners?

sbassett changed the task status from In Progress to Stalled. Jul 10 2023, 5:45 PM
sbassett removed a project: user-sbassett.