Page MenuHomePhabricator

Jcross (Jennifer Cross)
Project Manager

Projects (7)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Jul 1 2019, 6:26 PM (74 w, 4 d)
Availability
Available
IRC Nick
jencross
LDAP User
Unknown
MediaWiki User
JCross (WMF) [ Global Accounts ]

Recent Activity

Wed, Nov 25

Jcross added a comment to T260466: Security Readiness Review For GlobalWatchlist extension.

@DannyS712 I've just spoken with @Reedy and at this point "by the end of the quarter" is what we are in a position to commit to. We appreciate that the grant was scheduled for the end of November, but I'm afraid we are still limited by pandemic resourcing, such as it is.

Wed, Nov 25, 5:56 PM · MediaWiki-extensions-GlobalWatchlist, Security, secscrum, User-DannyS712, Security Readiness Reviews

Mon, Nov 16

Jcross closed T267590: Phab email account verification not received as Resolved.
Mon, Nov 16, 5:09 PM · Mail, Phabricator
Jcross added a comment to T267590: Phab email account verification not received.

@Aklapper what magic did you work? I just got 5 verification emails :)

Mon, Nov 16, 5:08 PM · Mail, Phabricator
Jcross added a comment to T267590: Phab email account verification not received.

Thanks so much for working on this. When you get to step #5 above - where you receive an email to the new address? I never get that email.

Mon, Nov 16, 4:36 PM · Mail, Phabricator

Tue, Nov 10

Jcross added a comment to T216775: Add ability to cite books by scanning their ISBN barcode in mobile web.

@JTannerWMF - we've taken a look and would appreciate it if you would fill out the Security Readiness Review form. Thanks!

Tue, Nov 10, 7:50 PM · Editing Design, Editing-team (FY2020-21 Kanban Board), User-notice, Patch-For-Review, VisualEditor, VisualEditor-MediaWiki-Mobile, Citoid

Mon, Nov 9

Jcross added a comment to T267590: Phab email account verification not received.

@Aklapper I am seeing both -ctr as primary and jcross as added but needing verification. I've clicked "verify" several times over several days and never received anything.

Mon, Nov 9, 9:29 PM · Mail, Phabricator
Jcross created T267590: Phab email account verification not received.
Mon, Nov 9, 7:49 PM · Mail, Phabricator

Nov 4 2020

Jcross updated subscribers of T257579: Security Readiness Review For WVUI and Vector dependencies needed for Vue.js search.

Hi @nnikkhoui - we were told that you are the new contact for both this ticket and https://phabricator.wikimedia.org/T257734. We're wondering if there are any changes we need to know about and whether you have a new deployment timeline? Thanks so much.

Nov 4 2020, 8:28 PM · user-sbassett, Readers-Web-Backlog (Tracking), secscrum, Security, Vue.js (Vue.js-Search)
Jcross added a comment to T266510: Security Readiness Review For Diff Blog oAuth plugin.

Hi @CKoerner_WMF - we just wanted to touch base as this is noted as a November target deployment date. With all of the holidays this month and a somewhat reduced capacity, we are looking to complete this towards the end of the month. We hope that works for your timeline?

Nov 4 2020, 5:20 PM · secscrum, Security, Security Readiness Reviews
Jcross added a comment to T260466: Security Readiness Review For GlobalWatchlist extension.

HI @MusikAnimal - we've had a few bumps in the road recently and we do plan to complete it this quarter. We'll be in touch with any questions or concerns and we apologize for the delay.

Nov 4 2020, 5:15 PM · MediaWiki-extensions-GlobalWatchlist, Security, secscrum, User-DannyS712, Security Readiness Reviews

Oct 28 2020

Jcross added a comment to T262963: Security Readiness Review For geoip2/geoip2.

Hi @Tchanders - we've moved this ticket to In Progress and I believe we are planning on having feedback for you in the next two weeks. Please let us know if you have any questions as we move forward. Thanks!

Oct 28 2020, 5:14 PM · user-sbassett, Security, secscrum, Security Readiness Reviews, Anti-Harassment, IP Info, MediaWiki-Vendor

Oct 14 2020

Jcross assigned T254947: Security Review Request for WikimediaApiPortalOAuth Extension to Reedy.
Oct 14 2020, 4:15 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)

Oct 9 2020

Jcross updated the task description for T265147: Offboard Chase Pettet from Security Team.
Oct 9 2020, 6:29 PM · Operations, Security-Team

Oct 7 2020

Jcross moved T260466: Security Readiness Review For GlobalWatchlist extension from In Progress to Back Orders on the secscrum board.
Oct 7 2020, 4:11 PM · MediaWiki-extensions-GlobalWatchlist, Security, secscrum, User-DannyS712, Security Readiness Reviews
Jcross moved T254947: Security Review Request for WikimediaApiPortalOAuth Extension from Waiting to Back Orders on the secscrum board.
Oct 7 2020, 4:10 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)
Jcross added a comment to T254947: Security Review Request for WikimediaApiPortalOAuth Extension.

Hey @WDoranWMF - this looks good and we hope to get it assigned shortly.

Oct 7 2020, 4:10 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)
Jcross changed the status of T260466: Security Readiness Review For GlobalWatchlist extension from Open to Stalled.

@Niharika this is currently stalled and we will have a more complete update soon.

Oct 7 2020, 4:06 PM · MediaWiki-extensions-GlobalWatchlist, Security, secscrum, User-DannyS712, Security Readiness Reviews
Jcross changed the status of T260466: Security Readiness Review For GlobalWatchlist extension, a subtask of T260862: Deploy GlobalWatchlist extension to production (Meta only), from Open to Stalled.
Oct 7 2020, 4:05 PM · User-DannyS712, User-notice, MediaWiki-extensions-GlobalWatchlist, Wikimedia-extension-review-queue, Wikimedia-Extension-setup
Jcross added a comment to T180021: Security review for extension Wikispeech.

@Lokal_Profil Thank you, sorry we missed that.

Oct 7 2020, 4:02 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE

Oct 2 2020

Jcross added a comment to T254947: Security Review Request for WikimediaApiPortalOAuth Extension.

Hey @WDoranWMF Is the extension in a stable reviewable state?

Oct 2 2020, 4:11 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)
Jcross assigned T257734: Security Readiness Review For Vue version 3 to sbassett.
Oct 2 2020, 4:10 PM · user-sbassett, secscrum, Security Readiness Reviews, Security, Vue.js
Jcross assigned T257579: Security Readiness Review For WVUI and Vector dependencies needed for Vue.js search to sbassett.
Oct 2 2020, 4:10 PM · user-sbassett, Readers-Web-Backlog (Tracking), secscrum, Security, Vue.js (Vue.js-Search)
Jcross added a comment to T180021: Security review for extension Wikispeech.

@Lokal_Profil There are a few processes we are unable to find evidence of having been followed, and we'd be happy to provide those if you'd like - but it's largely the issue of there being no path to production that will necessitate us prioritizing this review as "Low". We simply do not have the resources to spend on reviews that do not have support plans already in place. This does not mean that we are declining, but that reviews with a support plan in place will always be worked on first. Please let us know if anything changes and we will reconsider priority.

Oct 2 2020, 4:09 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE
Jcross lowered the priority of T247327: Combine RFS forms for Security Readiness Review and other RFS from Medium to Low.
Oct 2 2020, 4:05 PM · secscrum, Security-Team, RFS, Security Readiness Reviews

Sep 28 2020

Jcross lowered the priority of T247327: Combine RFS forms for Security Readiness Review and other RFS from High to Medium.
Sep 28 2020, 6:22 PM · secscrum, Security-Team, RFS, Security Readiness Reviews
Jcross raised the priority of T247327: Combine RFS forms for Security Readiness Review and other RFS from Low to High.
Sep 28 2020, 6:21 PM · secscrum, Security-Team, RFS, Security Readiness Reviews
Jcross moved T247327: Combine RFS forms for Security Readiness Review and other RFS from Waiting to Back Orders on the secscrum board.
Sep 28 2020, 6:21 PM · secscrum, Security-Team, RFS, Security Readiness Reviews
Jcross claimed T247327: Combine RFS forms for Security Readiness Review and other RFS.
Sep 28 2020, 6:21 PM · secscrum, Security-Team, RFS, Security Readiness Reviews

Sep 23 2020

Jcross moved T180021: Security review for extension Wikispeech from Incoming to Back Orders on the secscrum board.
Sep 23 2020, 4:17 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE
Jcross moved T180021: Security review for extension Wikispeech from Back Orders to Incoming on the secscrum board.
Sep 23 2020, 4:17 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE
Jcross moved T180021: Security review for extension Wikispeech from Incoming to Back Orders on the secscrum board.
Sep 23 2020, 4:17 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE
Jcross triaged T180021: Security review for extension Wikispeech as Low priority.
Sep 23 2020, 4:16 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE
Jcross added a comment to T180021: Security review for extension Wikispeech.

@Lokal_Profil - This still isn't ready for review because there are still too many unanswered questions in the task. Is there any maintenance plan with a group at WMF or a long term roadmap or support plan?

Sep 23 2020, 4:08 PM · Wikispeech-Jobrunner (Sprint), User-Sebastian_Berlin-WMSE, User-kalle, User-LokalProfil, Security Readiness Reviews, secscrum, Security, Wikispeech-Text-to-Speech, Wikispeech-WMSE

Sep 17 2020

Jcross added a comment to T262963: Security Readiness Review For geoip2/geoip2.

Hi @dbarratt - we'd appreciate it if you could please provide all of the information requested on our RFS form located here: https://phabricator.wikimedia.org/maniphest/task/edit/form/79/ We are here to answer any questions and additional information regarding our process is available here: https://www.mediawiki.org/wiki/Security/SOP/Security_Readiness_Reviews

Sep 17 2020, 6:24 PM · user-sbassett, Security, secscrum, Security Readiness Reviews, Anti-Harassment, IP Info, MediaWiki-Vendor

Sep 14 2020

Jcross moved T254948: Security Readiness Review For Enhancements to OAuth Extension from Waiting to Back Orders on the secscrum board.

Patch is merged, moving to Back Orders so that we can schedule on Wed. call. Apologies for delay, I've been out.

Sep 14 2020, 7:02 PM · Platform Team Sprints Board (Sprint 2), Platform Team Workboards (Green), secscrum, MediaWiki-extensions-OAuth, Security Readiness Reviews, Platform Team Initiatives (API Gateway)

Sep 2 2020

Jcross triaged T261248: Security review request for IRC as Low priority.
Sep 2 2020, 4:21 PM · Security Readiness Reviews, secscrum
Jcross moved T261248: Security review request for IRC from Incoming to Back Orders on the secscrum board.
Sep 2 2020, 4:21 PM · Security Readiness Reviews, secscrum
Jcross assigned T260466: Security Readiness Review For GlobalWatchlist extension to Reedy.
Sep 2 2020, 4:21 PM · MediaWiki-extensions-GlobalWatchlist, Security, secscrum, User-DannyS712, Security Readiness Reviews
Jcross lowered the priority of T247327: Combine RFS forms for Security Readiness Review and other RFS from Medium to Low.
Sep 2 2020, 4:13 PM · secscrum, Security-Team, RFS, Security Readiness Reviews
Jcross moved T247327: Combine RFS forms for Security Readiness Review and other RFS from In Progress to Waiting on the secscrum board.
Sep 2 2020, 4:12 PM · secscrum, Security-Team, RFS, Security Readiness Reviews

Aug 27 2020

Jcross assigned T260587: Security Readiness Review For Wikimedia/oauth2-server to Reedy.
Aug 27 2020, 4:54 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, Security Readiness Reviews, secscrum
Jcross assigned T260588: Security Readiness Review For Adding Private Claims To OAuth Extension to Reedy.
Aug 27 2020, 4:54 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-extensions-OAuthRateLimiter, MediaWiki-extensions-OAuth, Platform Team Workboards (Green), Security, Security Readiness Reviews, secscrum
Jcross moved T260588: Security Readiness Review For Adding Private Claims To OAuth Extension from Back Orders to In Progress on the secscrum board.
Aug 27 2020, 4:49 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-extensions-OAuthRateLimiter, MediaWiki-extensions-OAuth, Platform Team Workboards (Green), Security, Security Readiness Reviews, secscrum
Jcross moved T260587: Security Readiness Review For Wikimedia/oauth2-server from Back Orders to In Progress on the secscrum board.
Aug 27 2020, 4:49 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, Security Readiness Reviews, secscrum

Aug 20 2020

Jcross moved T254948: Security Readiness Review For Enhancements to OAuth Extension from Back Orders to Waiting on the secscrum board.
Aug 20 2020, 4:05 PM · Platform Team Sprints Board (Sprint 2), Platform Team Workboards (Green), secscrum, MediaWiki-extensions-OAuth, Security Readiness Reviews, Platform Team Initiatives (API Gateway)
Jcross moved T254947: Security Review Request for WikimediaApiPortalOAuth Extension from Back Orders to Waiting on the secscrum board.
Aug 20 2020, 4:04 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)

Aug 18 2020

Jcross added a comment to T257930: Security Readiness Review For OAuthRateLimiter.

@Clarakosi - received and we will triage and get in queue tomorrow! Thanks :)

Aug 18 2020, 5:01 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews

Aug 17 2020

Jcross moved T257930: Security Readiness Review For OAuthRateLimiter from Waiting to In Progress on the secscrum board.
Aug 17 2020, 4:46 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews
Jcross added a comment to T257930: Security Readiness Review For OAuthRateLimiter.

Hi @Clarakosi - we'll be able to start progress on this ticket, but please note that we will need a new ticket/s for the review of vendor and Oauth. Also, please note that while these new reviews do not appear to be a heavy lift, they will be new tickets in our workflow and will be triaged as such. We'll do our best to address them in a timely manner. Please let us know what your new deployment date looks like in light of this ticket being ready for review and all of the confusion sorted out only very recently, and if there is anything else I can do to help. @Reedy will be in touch with any comments or concerns as he moves forward with the ticket. Thank so much!

Aug 17 2020, 4:43 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews

Aug 12 2020

Jcross added a comment to T260236: Security Readiness Review For Section Translation.

Hi @Pginer-WMF - The security team took a look at this today and would like to request instructions for producing a local test environment as we won't be able to test on beta. We've noted your target deployment date and will be in touch with any additional questions. Thanks!

Aug 12 2020, 4:23 PM · user-sbassett, SectionTranslation, Security, secscrum, Security Readiness Reviews
Jcross moved T260236: Security Readiness Review For Section Translation from Incoming to Back Orders on the secscrum board.
Aug 12 2020, 4:06 PM · user-sbassett, SectionTranslation, Security, secscrum, Security Readiness Reviews
Jcross triaged T260236: Security Readiness Review For Section Translation as Medium priority.
Aug 12 2020, 4:06 PM · user-sbassett, SectionTranslation, Security, secscrum, Security Readiness Reviews

Aug 10 2020

Jcross updated subscribers of T254947: Security Review Request for WikimediaApiPortalOAuth Extension.
Aug 10 2020, 5:06 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)
Jcross raised the priority of T254947: Security Review Request for WikimediaApiPortalOAuth Extension from Medium to High.

Changing priority per @Naike 's request, noting that this does not move the ticket forward for the Security team. It is my understanding that we are still waiting for steps to be completed, as mentioned in previous comments.

Aug 10 2020, 4:51 PM · MW-1.36-notes (1.36.0-wmf.18; 2020-11-17), Platform Team Sprints Board (Sprint 5), secscrum, MediaWiki-extensions-WikimediaApiPortalOAuth, Platform Team Initiatives (API Gateway), Security Readiness Reviews, Platform Team Workboards (Green)

Aug 7 2020

Jcross moved T257930: Security Readiness Review For OAuthRateLimiter from Our Part Is Done to Waiting on the secscrum board.
Aug 7 2020, 6:07 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews

Aug 5 2020

Jcross added a comment to T257930: Security Readiness Review For OAuthRateLimiter.

@Pchelolo - thank you for the additional information. Sam will review and get back to you asap.

Aug 5 2020, 9:08 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews
Jcross added a comment to T257930: Security Readiness Review For OAuthRateLimiter.

Hi @Pchelolo - if you will merge we can go ahead and begin this review. Please just send a quick note when that's done. Thanks!

Aug 5 2020, 4:16 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews
Jcross moved T247634: [ignore] test report case from In Progress to Our Part Is Done on the secscrum board.
Aug 5 2020, 4:01 PM · secscrum

Jul 29 2020

Jcross added a comment to T257930: Security Readiness Review For OAuthRateLimiter.

Hi @WDoranWMF - we're wondering if this code is finished and ready to be reviewed? Please let us know and we will get this started. Please feel free to touch base with me or @Reedy with any questions. Thanks!

Jul 29 2020, 4:22 PM · Platform Team Sprints Board (Sprint 2), MediaWiki-Vendor, MediaWiki-extensions-OAuthRateLimiter, Platform Team Workboards (Green), Security, secscrum, Security Readiness Reviews

Jun 24 2020

Jcross assigned T254628: Security Readiness Review For Diff (diff.wikimedia.org) to Reedy.
Jun 24 2020, 7:36 PM · Privacy Engineering, secscrum, Security, Security Readiness Reviews

May 28 2020

Jcross added a project to T253901: Automate ticket removal from "Watching" column on the #Security-team Phabricator workboard after a certain timeframe: Security-Team.
May 28 2020, 6:35 PM · Peek, User-chasemp, PM, Security-Team
Jcross created T253901: Automate ticket removal from "Watching" column on the #Security-team Phabricator workboard after a certain timeframe.
May 28 2020, 6:34 PM · Peek, User-chasemp, PM, Security-Team

May 13 2020

Jcross added a comment to T252462: Performance review of WikimediaApiPortal skin.

Hi @CCicalese_WMF - I just wanted to send a quick reminder that, per our SOP, we do need a minimum of 30 days prior to a desired deployment date in order to properly resource and perform a Readiness Review.

May 13 2020, 4:23 PM · MW-1.36-notes (1.36.0-wmf.3; 2020-08-04), Patch-For-Review, MediaWiki-skins-WikimediaApiPortal, Performance-Team

Apr 8 2020

Jcross moved T246949: Security Review Request for WikimediaApiPortal Skin from Waiting to Back Orders on the secscrum board.
Apr 8 2020, 10:59 PM · Platform Team Workboards (Green), MediaWiki-skins-WikimediaApiPortal, Platform Team Initiatives (API Gateway), secscrum, Security Readiness Reviews, RFS
Jcross added a comment to T246949: Security Review Request for WikimediaApiPortal Skin.

Hi @CCicalese_WMF - thanks for the update. We'll take a look and please note that at least for deploy, our guidelines require that it is on Gerrit. We'll be in contact as our review proceeds.

Apr 8 2020, 10:58 PM · Platform Team Workboards (Green), MediaWiki-skins-WikimediaApiPortal, Platform Team Initiatives (API Gateway), secscrum, Security Readiness Reviews, RFS

Mar 31 2020

Jcross triaged T211489: Security review of bjeavons/zxcvbn-php as Medium priority.
Mar 31 2020, 5:06 PM · secscrum, Security Readiness Reviews, MediaWiki-Vendor, MediaWiki-User-login-and-signup
Jcross placed T211489: Security review of bjeavons/zxcvbn-php up for grabs.
Mar 31 2020, 5:04 PM · secscrum, Security Readiness Reviews, MediaWiki-Vendor, MediaWiki-User-login-and-signup
Jcross added a comment to T211489: Security review of bjeavons/zxcvbn-php.

Hi @Tgr - it does appear to need a re-review. We are putting in our backlog and unassigning until someone can pick it up. We're doing our best but have limited resource hours right now, so please let us know if you have any questions or concerns and we'll be in touch as we move forward. Thanks!

Mar 31 2020, 5:03 PM · secscrum, Security Readiness Reviews, MediaWiki-Vendor, MediaWiki-User-login-and-signup
Jcross moved T248483: Security Readiness Review For MediaModeration from Incoming to Back Orders on the secscrum board.
Mar 31 2020, 5:01 PM · Platform Team Initiatives (Hash Checking), MediaWiki-extensions-MediaModeration, user-sbassett, secscrum, Security, Security Readiness Reviews
Jcross moved T211489: Security review of bjeavons/zxcvbn-php from Incoming to Back Orders on the secscrum board.
Mar 31 2020, 5:01 PM · secscrum, Security Readiness Reviews, MediaWiki-Vendor, MediaWiki-User-login-and-signup

Mar 30 2020

Jcross added a comment to T248483: Security Readiness Review For MediaModeration.

Hi there @Pchelolo - we were able to take a look at this in our clinic meeting today and have noted that you are aiming for an April 30th deployment date. While we don't currently see any issues with that date, please keep in mind that our ability to review in a timely fashion is subject to change (due to world pandemic chaos, and team members being affected, etc). Please let us know of any questions or concerns and we will be in touch as we move forward.

Mar 30 2020, 5:26 PM · Platform Team Initiatives (Hash Checking), MediaWiki-extensions-MediaModeration, user-sbassett, secscrum, Security, Security Readiness Reviews

Mar 12 2020

Jcross closed T131729: Android app doesn't warn that edit will expose IP address when not logged in as Declined.

We are declining this ticket as it has been almost four years since last comment. Should new work be required please create a new ticket. Thank you!

Mar 12 2020, 9:54 PM · WMF-Legal, Privacy, Wikipedia-Android-App-Backlog, Mobile-Apps
Jcross closed T115958: Inform EU readers that we use cookies as Declined.

We are declining this ticket as it has been 2+ years since last comment. Should new work be required please create a new ticket. Thank you!

Mar 12 2020, 9:52 PM · Readers-Web-Backlog (Tracking), WMF-Legal, Privacy
Jcross closed T154912: Is User-Agent data PII when associated with Action API requests?, a subtask of T102079: Metrics about the use of the Wikimedia web APIs, as Declined.
Mar 12 2020, 9:51 PM · User-bd808, Analytics-Radar, Product-Infrastructure-Team-Backlog, Reading-Admin, Epic, DevRel-September-2015, ECT-August-2015, Research-consulting, MediaWiki-API, ECT-July-2015, Developer-Advocacy
Jcross closed T154912: Is User-Agent data PII when associated with Action API requests? as Declined.

We are declining this ticket as it has been almost three years since last comment. Should new work be required please create a new ticket. Thank you!

Mar 12 2020, 9:51 PM · Analytics-Radar, Product-Infrastructure-Team-Backlog, Privacy, WMF-Legal, Reading-Admin, MediaWiki-API, Developer-Advocacy

Mar 10 2020

Jcross triaged T246949: Security Review Request for WikimediaApiPortal Skin as Medium priority.

Hi @CCicalese_WMF and @WDoranWMF ,

Mar 10 2020, 5:29 PM · Platform Team Workboards (Green), MediaWiki-skins-WikimediaApiPortal, Platform Team Initiatives (API Gateway), secscrum, Security Readiness Reviews, RFS
Jcross moved T240472: Security review for the DiscussionTools extension from Back Orders to Our Part Is Done on the Security Readiness Reviews board.
Mar 10 2020, 5:10 PM · secscrum, Security Readiness Reviews, Editing-team, DiscussionTools
Jcross moved T187846: Security Review of Office IT Internal Account Management Tool from Back Orders to Our Part Is Done on the Security Readiness Reviews board.
Mar 10 2020, 5:10 PM · secscrum, WMF-Office-IT, Security Readiness Reviews
Jcross moved T243398: Security Readiness Review for one skin and five plugins to be used in Tech Blog based on Wordpress from In Progress to Our Part Is Done on the Security Readiness Reviews board.
Mar 10 2020, 5:09 PM · secscrum, Technical blog, Security Readiness Reviews

Mar 3 2020

Jcross triaged T246714: Security review for the minishlink/web-push PHP library as Medium priority.
Mar 3 2020, 6:12 PM · Push-Notification-Service, Patch-For-Review, secscrum, MediaWiki-Vendor, Product-Infrastructure-Team-Backlog, Security, Security Readiness Reviews
Jcross raised the priority of T246714: Security review for the minishlink/web-push PHP library from Low to Needs Triage.
Mar 3 2020, 6:12 PM · Push-Notification-Service, Patch-For-Review, secscrum, MediaWiki-Vendor, Product-Infrastructure-Team-Backlog, Security, Security Readiness Reviews
Jcross moved T246712: Security Readiness Review for push notifications infrastructure from Back Orders to Waiting on the Security Readiness Reviews board.

There is no code to review or RFC at this time and we are unable to move forward until they exist. At this time we can and will move forward with the minishlink/web-push review: https://phabricator.wikimedia.org/T246714

Mar 3 2020, 6:09 PM · user-sbassett, Push-Notification-Service, secscrum, Product-Infrastructure-Team-Backlog, Security, Security Readiness Reviews

Mar 2 2020

Jcross reassigned T242285: Create status mechanism(s) for security-team@ combining Asana and Phab from Jcross to chasemp.
Mar 2 2020, 5:03 PM · PM, Security-Team
Jcross added a comment to T242285: Create status mechanism(s) for security-team@ combining Asana and Phab.

Initial thoughts / starting point:
Team level:

Mar 2 2020, 5:03 PM · PM, Security-Team

Feb 27 2020

Jcross added a comment to T242285: Create status mechanism(s) for security-team@ combining Asana and Phab.

Didn't get to this with JB today but it is on the radar and I have a short list going. Will touch base with him about it again soon.

Feb 27 2020, 1:26 AM · PM, Security-Team

Feb 25 2020

Jcross moved T241451: Security Review For SpamRegex extension from Back Orders to Watching on the Security Readiness Reviews board.
Feb 25 2020, 6:20 PM · secscrum, Security Readiness Reviews, SpamRegex, User-DannyS712
Jcross moved T244076: Security Readiness Review For ChessBrowser extension from Back Orders to Watching on the Security Readiness Reviews board.
Feb 25 2020, 6:20 PM · Community-Tech, secscrum, ChessBrowser, Security Readiness Reviews
Jcross closed T237588: Security review for MachineVision libraries, a subtask of T237596: Add MachineVision dependencies to vendor, as Declined.
Feb 25 2020, 6:16 PM · Structured-Data-Backlog, SDC-Statements (Machine-vision-depicts), MediaWiki-Vendor, MachineVision
Jcross closed T237588: Security review for MachineVision libraries as Declined.

Marking declined as there is no actionable work at this time. Please open a new ticket when / if work is needed on this in the future.

Feb 25 2020, 6:16 PM · secscrum, Structured-Data-Backlog, SDC-Statements (Machine-vision-depicts), Security Readiness Reviews, MediaWiki-Vendor, MachineVision

Feb 24 2020

Jcross added a comment to T189541: Flush private data on Beta Cluster.

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is needed here. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:56 PM · Privacy, Beta-Cluster-Infrastructure
Jcross added a comment to T190246: "list" tool loads jQuery from code.jquery.com.

Hi @Legoktm ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is needed here. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:55 PM · Privacy, Tools
Jcross added a comment to T190522: Look and Listen map uses map tiles from OSM.

Hi @TheDJ ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:54 PM · Privacy Engineering, Privacy, Tools
Jcross added a comment to T149465: UserName cookie should not be set when "remember me" is disabled.

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:47 PM · Privacy, MediaWiki-User-login-and-signup
Jcross added a comment to T173299: fill email obligatory for users who are signing up by the same IP and browser (Possible Sock puppetry).

Hi @Yamaha5 ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:47 PM · Privacy, MediaWiki-User-login-and-signup
Jcross added a comment to T108505: Privacy Badger interferes with CentralAuth.

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:46 PM · Privacy Engineering, Privacy, MediaWiki-extensions-CentralAuth
Jcross updated subscribers of T89415: looking to understand how frequently mobile ISP/proxy injected http tracking headers appear in the wild.

Hi @ggellerman ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:44 PM · Privacy
Jcross closed T128281: Privacy link does not point to localized policy as Declined.

Thank you, @Yurik ! Cheers

Feb 24 2020, 7:39 PM · WMF-Legal, Privacy
Jcross added a comment to T143001: Wiki sites should delete all their cookies during logout.

Hi @Yurivict ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly. Thank you!

Feb 24 2020, 7:29 PM · Privacy Engineering, Privacy, Wikimedia-General-or-Unknown
Jcross added a comment to T128281: Privacy link does not point to localized policy.

Hi @Yurik ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Feb 24 2020, 7:24 PM · WMF-Legal, Privacy
Jcross moved T103121: Automate data retention policy for search data from Intake to Done on the Privacy board.
Feb 24 2020, 7:21 PM · Discovery-Search, Privacy, Discovery, CirrusSearch