Fri, Jun 11
I spoke with the requestor. We came up with a plan to hit their 1 July 2021 date, and we will work that through the normal Coupa process.
Tue, Jun 8
Done. Welcome aboard!
Fri, Jun 4
Thanks @bcampbell !
Wed, Jun 2
I changed the two identified to "Last reviewed on" as suggested. If there are more, we'll clean those up as well when we find them. Thank you!
Sun, May 30
https://www.mediawiki.org/w/index.php?title=Security/SOP/Access_to_Phabricator_Security_Issues&oldid=4423633 (15mo) has been corrected as suggested in this task. We don't review SOPs annually. We do for things like security policy. Thanks for pointing this out. I'll leave the other finding for the folks that maintain that article.
Tue, May 25
Hello @RoySmith ! Can you access T265845 now?
Sat, May 22
Is there anything at all hosted in WMCS that is too risky (e.g. production depends on it to function) to leave exposed to being DDoSed?
Thu, May 20
May 12 2021
Done. Welcome aboard!
May 6 2021
May 2 2021
Hello @MMandere ! Done. You will start receiving email sent to email@example.com starting now.
Apr 23 2021
As long as the new vendor-maintained solution works in accordance with the writeup we got on 24 July 2020, the vendor security review portion of this request is fine.
If you decide to proceed, we'll catch this request as it flows through Coupa (please make sure to mark "yes" for "Is this a SaaS request, and that will cause our part of the review process to start).
Apr 19 2021
Yes, it is the current process for most things. We'll jump in as part of the Coupa process (for SaaS-related vendors only right now) because we don't have the capacity to review potentially several vendors for every initiative across the Foundation. Once a team has progressed far enough to where they are ready to buy, then we take a look. The Coupa process might also, depending on what is being purchased, kick off other helpful reviews by Legal and Privacy.
Hello @CKoerner_WMF ! My understanding ready through this task is that we haven't bought anything from https://theeventscalendar.com/ yet. If the Foundation decides to do so, then when that spend flows through Coupa it should be marked as a SaaS-related request and automatically trigger a vendor security review. I haven't seen anything about this purchase in Coupa. Did I miss something?
Apr 17 2021
Hi @bcampbell ! Is the last diagram from the vendor from our 24 July 2020 meeting still accurate given what the vendor has created now, especially for the part about burning keys after use? I'll send over the link if that helps. Are the listed pros and cons from that document still exactly the same with their current offering and our planned implementation?
Apr 8 2021
Done. Thank you!
Mar 15 2021
Complete. Access removed.
Mar 8 2021
I added you the acl*security_team group already.
Mar 5 2021
Access granted. Please let me know if you have any problems.
Done. The requested access has been configured for all 5.
Mar 4 2021
Hi @Esanders ! Having access to security content in Phabricator requires enabling 2FA: https://www.mediawiki.org/wiki/Phabricator/Help#Multi-factor_authentication. Would you mind getting that set up please? Thank you!
Mar 2 2021
For the accounts listed for removal, I removed the ones I could find from acl*security_steward access. As for granting the new people's access, I am working on confirming any required NDA/confidentiality agreements are done and recorded.
Feb 18 2021
Done. Please let me know if you have any issues with your access.
Feb 2 2021
Done. Please let us know if you have any issues with this access.
Feb 1 2021
Jan 29 2021
Done. Please let me know if you have any issues with this access.
Done. Please let me know if you have any trouble with your new access.
Dec 8 2020
Nov 30 2020
Done. Thank you!
Nov 12 2020
Maybe I should leave this open to make sure you have access to the IRC channel that you intended. I granted access for you to to #wikimedia-security. That is the only one I can do.
Done. I added you to #wikimedia-security. That is the only one I can do.
Done. Please let me know if anything isn't working.
Oct 11 2020
I am able to make this change as an owner of that group in Google. Done.
Sep 28 2020
Thank you! The requested access has been configured for you.
Hi @Clarakosi ! There are two things that our process for granting this type of access calls for that don't appear to be set yet on you Phabricator account.
Sep 22 2020
Sep 21 2020
Hi @razzi ! Welcome aboard! Can you access #wikimedia-security now?
Sep 18 2020
Welcome aboard @razzi ! Would you mind going through the IRC nickname/cloak instructions at https://office.wikimedia.org/wiki/ITS/IRC#Register_your_nickname please? That provides a little more protection around your account.
Sep 14 2020
Sep 13 2020
I just now invited you again. Please try again.
Sep 11 2020
Hi @LSobanski I invited you to #wikimedia-security . Can you successfully access that channel now?
Sep 4 2020
Sep 3 2020
@LSobanski I'll check every couple days to see when the cloak change goes into effect, but if you see it first, please update here. Thank you!
Sep 2 2020
Welcome aboard @LSobanski ! Would you mind first going through the IRC nickname/cloak instructions at https://office.wikimedia.org/wiki/ITS/IRC#Register_your_nickname please? That provides a little more protection around your account.
Jul 27 2020