Mon, Feb 10
Mon, Feb 3
Is there any update on this one? I ask because it is blocking "Update WMF run
bots using certificate auth (Phaste Bot and bzimport) to use token auth" action item in incident https://docs.google.com/document/d/1tXV7eKaKPz4Qh5CH0VdVspeCvTef6jafVWkVrQt-lZQ/edit#, which is blocking "Invalidate / rotate credentials stored in phabricator". Is there anything that I can do to help move this one forward? Thank you!
Jan 22 2020
Your planned schedule is far better. I just didn't want to rush anyone.
I would suggest stepping around/over All Hands, in case anything goes wrong.
Jan 20 2020
@MarcoAurelio Yes, you can do it on your own manually. The best way seems to be to first create a third auth factor in Phab, then delete the old one in Phab. If you leave both there, you will have 3FA and have to use both until the old one is removed. And please don't remove anything from your phone's authenticator app until you after are done in Phab.
Jan 16 2020
Jan 9 2020
The investigation is now 100% done. Please remove my (dsharpe) access from server mendelevium.eqiad.wmnet. Thank you so much!!!
Jan 8 2020
I am all set now. Thanks!
Jan 7 2020
@Dzahn - Perfect! Thank you!
Jan 6 2020
Dec 18 2019
I assume abuse@ is managed by SRE, so I was hoping this would magically get routed to the right person. What else do I need to add to move this along? Thank you!
Sep 23 2019
I added @eprodromou as a member of https://phabricator.wikimedia.org/project/members/30/. Is that all that needed to be done?
Complete. The rest of the policies owed will be at least in draft form by 31 Dec 2019.
Sep 3 2019
Aug 26 2019
Aug 8 2019
The AUP was approved and is in effect.
The AUP was approved and is in effect. The AUP training session is set for the first Security Awareness Sessions meeting, (specific date TBD but likely mid to late August 2019)
Security Incident Response Policy is complete, and set for annual reviews. SIRP training is done for 2019.
4Q 2019 tabletop completed on 20 June 2019.
That document lives in Google doc form for now. It was intended to plan how the new Foundation (internal) Security Council concept should work. I'll check with John when he returns to see if it can be moved elsewhere. It has links to a couple other internal documents.
All prep work was completed, and the monthly Security Council meetings are happening (two already done, I forgot to close this task).
May 21 2019
Apr 23 2019
The Acceptable Use Policy is currently in review, and lives at https://office.wikimedia.org/wiki/Security/Policy/Candidates/Acceptable_Use_Policy.
Security Council charter document has been drafted and submitted for approval.
Mar 22 2019
Mar 21 2019
Jan 18 2019
Yes, the ssh key pair is entirely new, and not used any where else at all.