Page MenuHomePhabricator
Create Task
Maniphest T383098

Add BlankEclair to Security Team Hall of Fame
Closed, ResolvedPublic
Actions

Description

HoF URL: https://security.wikimedia.org/hall-of-fame/

Some documentation: https://claire.sharkgirl.ing/security_trinklets.html

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
security-landing-page: deploying updateoperations/deployment-chartsmaster+1 -1
security-landing-page: deploying updateoperations/deployment-chartsmaster+1 -1
Customize query in gerrit
Related Changes in GitLab:
TitleReferenceAuthorSource BranchDest Branch
Update CVEsrepos/sre/miscweb/security-landing-page!13mstyleshof-update-CVEmaster
Fix references to Miraheze Issue Tracker on the Hall of Famerepos/sre/miscweb/security-landing-page!12blankeclairfix-task-linksmaster
Add BlankEclair to Security Hall of Famerepos/sre/miscweb/security-landing-page!11mstyleshall-of-famemaster
Customize query in GitLab

Related Objects

Event Timeline

sbassett created this task.Jan 6 2025, 10:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 6 2025, 10:35 PM
BlankEclair subscribed.Jan 7 2025, 6:52 AM

FYI, my trinklets page lists all public vulns I've found. As of writing, all but one (NeoChat) are MediaWiki extensions or skins

Lucas_Werkmeister_WMDE awarded a token.Jan 7 2025, 9:30 AM
sbassett added a comment.Jan 7 2025, 3:11 PM
In T383098#10436210, @BlankEclair wrote:

FYI, my trinklets page lists all public vulns I've found. As of writing, all but one (NeoChat) are MediaWiki extensions or skins

Yep, I think we'll include all of the MediaWiki-related ones as separate entries in the HoF, as that seems to be the tradition.

sbassett changed the task status from Open to In Progress.Jan 13 2025, 5:21 PM
sbassett assigned this task to Mstyles.
sbassett triaged this task as Low priority.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett added a project: SecTeam-Processed.
CodeReviewBot added a project: Patch-For-Review.Jan 16 2025, 12:32 AM

mstyles opened https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/11

Add BlankEclair to Security Hall of Fame

CodeReviewBot added a comment.Jan 17 2025, 4:59 PM

sbassett merged https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/11

Add BlankEclair to Security Hall of Fame

Maintenance_bot removed a project: Patch-For-Review.Jan 17 2025, 5:33 PM
gerritbot added a comment.Jan 17 2025, 6:32 PM

Change #1112270 had a related patch set uploaded (by Mstyles; author: Mstyles):

[operations/deployment-charts@master] security-landing-page: deploying update

https://gerrit.wikimedia.org/r/1112270

gerritbot added a project: Patch-For-Review.Jan 17 2025, 6:33 PM
gerritbot added a comment.Jan 17 2025, 9:01 PM

Change #1112270 merged by jenkins-bot:

[operations/deployment-charts@master] security-landing-page: deploying update

https://gerrit.wikimedia.org/r/1112270

Maintenance_bot removed a project: Patch-For-Review.Jan 17 2025, 9:30 PM
Mstyles closed this task as Resolved.Jan 18 2025, 1:08 AM
Mstyles moved this task from In Progress to Our Part Is Done on the Security-Team board.

Security landing page has been updated

RhinosF1 reopened this task as Open.Jan 18 2025, 10:28 AM
RhinosF1 moved this task from Our Part Is Done to Incoming on the Security-Team board.

Hi Security Team,

Please see https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/12 and in addition some of the CVEs reference the incorrect year.

Can we please show a little care and respect for a volunteer whose put a significant amount of effort into securing the Wikimedia Ecosystem?

Quite frankly, the poor management of the process behind the hall of fame and lack of review into the patch does not come across well.

Thanks,
Sam

sbassett added a comment.Jan 21 2025, 4:01 PM

I've approved and merged MR12, @Mstyles - can you get that deployed soon-ish?

Apologies for the errors, but we've never had to point to the confusingly-similar miraheze bug-tracker in the history of the security team hall of fame. We'll keep an eye out for those going forward. We've also removed the dated contact form. Not to sound too flippant, but managing the hall of fame is fairly low on our list of priorities and all of the other work for which we are tasked, so sometimes things like this slip. But they are pretty easily fixed.

CodeReviewBot added a comment.Jan 21 2025, 4:03 PM

sbassett updated https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/12

Fix references to Miraheze Issue Tracker on the Hall of Fame

CodeReviewBot added a comment.Jan 21 2025, 4:03 PM

sbassett merged https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/12

Fix references to Miraheze Issue Tracker on the Hall of Fame

RhinosF1 added a comment.Jan 21 2025, 4:19 PM

@sbassett: can you get the CVE IDs updated to the correct too?

CodeReviewBot added a project: Patch-For-Review.Jan 21 2025, 4:33 PM

mstyles opened https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/13

Update CVEs

sbassett changed the task status from Open to In Progress.Jan 21 2025, 4:33 PM
sbassett moved this task from Incoming to In Progress on the Security-Team board.
Mstyles added a comment.Jan 21 2025, 4:34 PM

@RhinosF1 I think it's correct now

RhinosF1 added a comment.Jan 21 2025, 4:56 PM
In T383098#10480461, @Mstyles wrote:

@RhinosF1 I think it's correct now

Can we get them deployed asap?

sbassett added a comment.Jan 24 2025, 4:48 PM
In T383098#10480602, @RhinosF1 wrote:

Can we get them deployed asap?

There's one issue in MR13. Once that's addressed, we can merge + deploy.

CodeReviewBot added a comment.Jan 27 2025, 3:07 PM

sbassett merged https://gitlab.wikimedia.org/repos/sre/miscweb/security-landing-page/-/merge_requests/13

Update CVEs

gerritbot added a comment.Jan 27 2025, 7:00 PM

Change #1114446 had a related patch set uploaded (by Mstyles; author: Mstyles):

[operations/deployment-charts@master] security-landing-page: deploying update

https://gerrit.wikimedia.org/r/1114446

gerritbot added a comment.Jan 27 2025, 8:29 PM

Change #1114446 merged by jenkins-bot:

[operations/deployment-charts@master] security-landing-page: deploying update

https://gerrit.wikimedia.org/r/1114446

Mstyles closed this task as Resolved.Jan 27 2025, 10:42 PM
Mstyles moved this task from In Progress to Our Part Is Done on the Security-Team board.

Changes deployed, apologies for the typos.

sbassett removed a project: Patch-For-Review.Jan 28 2025, 5:33 PM
SomeRandomDeveloper mentioned this in T415379: Request to add Redmin to Security Team's Hall of Fame.Jan 30 2026, 3:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits