Name: Privacy
Type of project: Tag
Description: Tag for issues relating to reader and editor privacy.
Name: Privacy
Type of project: Tag
Description: Tag for issues relating to reader and editor privacy.
Sounds sensible, but I will defer to @Aklapper, since he has a better view on our family of tags.
I strongly support a new tag (yellow) for Privacy.
Some privacy issues are by nature security questions. However, a lot of privacy related stuff is not affected by security (which ends up somewhere in network transmission, through the outer world), but is caused by inner organization and structures.
Both security and privacy violations should get high attention, but network security and exploitable leaks are a different playing ground. I would like to go over the privacy workboard and see all challenges to be sufficiently resolved.
Some examples:
None is really a security issue in common understanding. Neither Security nor HTTPS covers privacy issues. Regarding your question: There might be a link with Privacy at top level between HTTPS as well as CheckUser, but not for every single https task dealing with particular networking details or minor CU extension functionality.
Bugs that affect a user's privacy are usually handled as security bugs, but since not all security bugs are privacy bugs (and there may be a few privacy bugs that don't end up being security issues), I would support having the separate tag.
@Aklapper, I can do most of the triage for now, since a lot of them overlap with bugs I'm already working on.
Alright, thanks for the discussion (highly appreciated!) and the patience.
As Phabricator is a public place and we should help people to find their way to associate the right projects to task, shall I add a sentence "Please note the difference to the Security and HTTPS projects by also reading their descriptions." to the description proposed in the task description here? Or something else?
Once that's been agreed on we're ready to create.
Yes, fine.
And please note: Security is a group which reads as "used in ACL's within Phabricator".
I failed to find any workboard where resolved security issues are pinned; they might be communicated via e-mail and published after leak fix deployment anyway.
To a very small extend the Vuln-* projects but I guess that MediaWiki tarball release notes on mediawiki.org are the place to look at...
Requested project has been created: Privacy
Please encourage interested people to visit the project and to join the project as members, and to subscribe themselves to the project in order to receive updates!
Recommended practices for project and workboard management in Phabricator are available.
And if for some reason you ever want to rename the project, please check the guidelines first.
Enjoy!
The new baby will need a workboard, but I don't know whether to create an empty one or copy an existing, and which parent?
See above: Recommended practices for project and workboard management in Phabricator are available (section "Workboard/sprint board columns").