Following the recent xz-utils backdoor, the security team has been asked to produce a threat model assessing how likely a similar attack would be against MediaWiki.
So far the plan is to model the following three areas and the connections between them:
- Gerrit, and who holds +2 (merge) rights on which repositories
- Jenkins, and whether malicious binaries or build artifacts could be introduced through CI
- external libraries, and how they could be used as a vector for supply-chain attacks