Page MenuHomePhabricator

Agree and Document the Process to Include Security Fixes in MediaWiki Releases
Closed, ResolvedPublic

Description

Currently the process to include security fixes to MediaWiki releases seems to rely too much on personal & private communication? This is a fragile and indocumented process that can suffer from holidays or other absences by the individuals involved.

How should this problem be solved in the context of the imminent Bugzilla migration to Phabricator?

Event Timeline

Qgil raised the priority of this task from to Needs Triage.
Qgil updated the task description. (Show Details)
Qgil changed Security from none to None.
Qgil added a project: Wiki-Release-Team.
Qgil added a subscriber: Qgil.
Palexis triaged this task as High priority.
Palexis added subscribers: MarkAHershberger, Palexis.

What is the point of T527? How is that different than this task (which is about the process which inherently includes communication). Also "work towards" in any task summary suggests the plan is too wiggly/non-definitive. There's no easy definition of done for "work towards". Making the task is "working towards".

In fact, that task descriptions are the same....

Okay, then the tasks will be deleted with comments added.

Release team will discuss with Foundation about backup plan for Chris (the Foundation decides) and Markus (Mark).

Discuss process in Bugzilla with two criteria (patched in production and patch for master is reviewed) and flag “Ready for Release”.

Agreement has been reached, documentation will follow.

Palexis renamed this task from Agree and document the process to include security fixes in MediaWiki releases to Agree and Document the Process to Include Security Fixes in MediaWiki Releases.Oct 29 2014, 2:00 PM
Palexis reassigned this task from MarkAHershberger to Mglaser.

@Qgil, if you don't have any problems with the task being closed, I will close it later today.

Ideally this should be announced to the WMF release team and/or wikitech-l, since that is where the problem came from.

Thanks. Mark or Markus will make the announcement by tomorrow.