Page MenuHomePhabricator

Review access to security tasks
Closed, ResolvedPublic

Description

@Reedy, @Eloquence, @MarkAHershberger, you all have access to security tasks, and I'm happy for you to keep that access if you would like it. If you're doing work for the WMF and need access, just let me know what that is. If you would like access as a volunteer, let me know if you've signed a Volunteer NDA.

@siebrand, I've lost track if you're still contracting or not. Can you let me know if you still need / want access?

Feel free to email me directly if you're not comfortable posting here.

Event Timeline

csteipp created this task.May 1 2015, 10:41 PM
csteipp claimed this task.
csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added a project: Security-Team.
csteipp added subscribers: csteipp, siebrand, Eloquence and 2 others.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 1 2015, 10:41 PM

@csteipp still contracting and would still like to keep access.

I believe I've signed an NDA, but I don't know if it would apply to my work as a volunteer. I'm happy to sign one if needed.

Krenair added a subscriber: Krenair.May 2 2015, 3:45 PM

@csteipp still contracting and would still like to keep access.

Cool, thanks!

csteipp moved this task from Backlog to In Progress on the Security-Team board.May 4 2015, 10:20 PM
csteipp triaged this task as Low priority.Jul 10 2015, 5:52 PM
csteipp moved this task from In Progress to Backlog on the Security-Team board.Aug 11 2015, 7:32 PM

So that just leaves Eloquence, and somebody figuring out what the status behind Mark's NDA is.

I've removed a few people today who are not employees, I don't have confirmation they have an NDA with us, and they don't have two-factor authentication enabled:
@Manybubbles
@Eloquence
@Philippe-WMF
@Springle
@MarkAHershberger

If any of you would like access restored, I need confirmation of NDA, and have you enable 2FA on your account.

@Springle apparently has an NDA with us, and has root on our servers, so re-enabling his access.

I believe springle and manybubbles still have server access, so probably NDAs.

csteipp added a subscriber: Joe.Jan 26 2016, 6:45 PM

I believe springle and manybubbles still have server access, so probably NDAs.

@Joe vouched for spingle. If anyone can point to manybubbles'es NDA, happy to re-add.

@MarkAHershberger
If any of you would like access restored, I need confirmation of NDA, and have you enable 2FA on your account.

I have enabled 2fa. Is my NDA not active? (I know, I should have checked while I was in SF a few weeks ago...)

Aklapper removed csteipp as the assignee of this task.Dec 9 2017, 12:02 PM

Is this still wanted / needed? Resetting assignee.
Also note that https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Policy/Access_To_Security_Issues has been created in the meantime.

Bawolff closed this task as Resolved.Dec 9 2017, 12:05 PM
Bawolff claimed this task.
Bawolff added a subscriber: Bawolff.

Well it may make sense to reaudit the list, this bug is really old so if we were to do that, we would probably have to start from scratch anyways

sbassett moved this task from Backlog to Done on the Security-Team board.Jun 11 2019, 7:17 PM