@DannyS712 I've just spoken with @Reedy and at this point "by the end of the quarter" is what we are in a position to commit to. We appreciate that the grant was scheduled for the end of November, but I'm afraid we are still limited by pandemic resourcing, such as it is.

@Aklapper what magic did you work? I just got 5 verification emails :)

Thanks so much for working on this. When you get to step #5 above - where you receive an email to the new address? I never get that email.

@JTannerWMF - we've taken a look and would appreciate it if you would fill out the Security Readiness Review form. Thanks!

@Aklapper I am seeing both -ctr as primary and jcross as added but needing verification. I've clicked "verify" several times over several days and never received anything.

Hi @nnikkhoui - we were told that you are the new contact for both this ticket and https://phabricator.wikimedia.org/T257734. We're wondering if there are any changes we need to know about and whether you have a new deployment timeline? Thanks so much.

Hi @CKoerner_WMF - we just wanted to touch base as this is noted as a November target deployment date. With all of the holidays this month and a somewhat reduced capacity, we are looking to complete this towards the end of the month. We hope that works for your timeline?

HI @MusikAnimal - we've had a few bumps in the road recently and we do plan to complete it this quarter. We'll be in touch with any questions or concerns and we apologize for the delay.

Hi @Tchanders - we've moved this ticket to In Progress and I believe we are planning on having feedback for you in the next two weeks. Please let us know if you have any questions as we move forward. Thanks!

Hey @WDoranWMF - this looks good and we hope to get it assigned shortly.

@Niharika this is currently stalled and we will have a more complete update soon.

@Lokal_Profil Thank you, sorry we missed that.

Hey @WDoranWMF Is the extension in a stable reviewable state?

@Lokal_Profil There are a few processes we are unable to find evidence of having been followed, and we'd be happy to provide those if you'd like - but it's largely the issue of there being no path to production that will necessitate us prioritizing this review as "Low". We simply do not have the resources to spend on reviews that do not have support plans already in place. This does not mean that we are declining, but that reviews with a support plan in place will always be worked on first. Please let us know if anything changes and we will reconsider priority.

@Lokal_Profil - This still isn't ready for review because there are still too many unanswered questions in the task. Is there any maintenance plan with a group at WMF or a long term roadmap or support plan?

Hi @dbarratt - we'd appreciate it if you could please provide all of the information requested on our RFS form located here: https://phabricator.wikimedia.org/maniphest/task/edit/form/79/ We are here to answer any questions and additional information regarding our process is available here: https://www.mediawiki.org/wiki/Security/SOP/Security_Readiness_Reviews

Patch is merged, moving to Back Orders so that we can schedule on Wed. call. Apologies for delay, I've been out.

@Clarakosi - received and we will triage and get in queue tomorrow! Thanks :)

Hi @Clarakosi - we'll be able to start progress on this ticket, but please note that we will need a new ticket/s for the review of vendor and Oauth. Also, please note that while these new reviews do not appear to be a heavy lift, they will be new tickets in our workflow and will be triaged as such. We'll do our best to address them in a timely manner. Please let us know what your new deployment date looks like in light of this ticket being ready for review and all of the confusion sorted out only very recently, and if there is anything else I can do to help. @Reedy will be in touch with any comments or concerns as he moves forward with the ticket. Thank so much!

Hi @Pginer-WMF - The security team took a look at this today and would like to request instructions for producing a local test environment as we won't be able to test on beta. We've noted your target deployment date and will be in touch with any additional questions. Thanks!

Changing priority per @Naike 's request, noting that this does not move the ticket forward for the Security team. It is my understanding that we are still waiting for steps to be completed, as mentioned in previous comments.

@Pchelolo - thank you for the additional information. Sam will review and get back to you asap.

Hi @Pchelolo - if you will merge we can go ahead and begin this review. Please just send a quick note when that's done. Thanks!

Hi @WDoranWMF - we're wondering if this code is finished and ready to be reviewed? Please let us know and we will get this started. Please feel free to touch base with me or @Reedy with any questions. Thanks!

Hi @CCicalese_WMF - I just wanted to send a quick reminder that, per our SOP, we do need a minimum of 30 days prior to a desired deployment date in order to properly resource and perform a Readiness Review.

Hi @CCicalese_WMF - thanks for the update. We'll take a look and please note that at least for deploy, our guidelines require that it is on Gerrit. We'll be in contact as our review proceeds.

Hi @Tgr - it does appear to need a re-review. We are putting in our backlog and unassigning until someone can pick it up. We're doing our best but have limited resource hours right now, so please let us know if you have any questions or concerns and we'll be in touch as we move forward. Thanks!

Hi there @Pchelolo - we were able to take a look at this in our clinic meeting today and have noted that you are aiming for an April 30th deployment date. While we don't currently see any issues with that date, please keep in mind that our ability to review in a timely fashion is subject to change (due to world pandemic chaos, and team members being affected, etc). Please let us know of any questions or concerns and we will be in touch as we move forward.

We are declining this ticket as it has been almost four years since last comment. Should new work be required please create a new ticket. Thank you!

We are declining this ticket as it has been 2+ years since last comment. Should new work be required please create a new ticket. Thank you!

We are declining this ticket as it has been almost three years since last comment. Should new work be required please create a new ticket. Thank you!

Hi @CCicalese_WMF and @WDoranWMF ,

There is no code to review or RFC at this time and we are unable to move forward until they exist. At this time we can and will move forward with the minishlink/web-push review: https://phabricator.wikimedia.org/T246714

Initial thoughts / starting point:
Team level:

Didn't get to this with JB today but it is on the radar and I have a short list going. Will touch base with him about it again soon.

Marking declined as there is no actionable work at this time. Please open a new ticket when / if work is needed on this in the future.

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is needed here. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Hi @Legoktm ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is needed here. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Hi @TheDJ ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Hi @Yamaha5 ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Hi @Tgr ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Hi @ggellerman ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.

Thank you, @Yurik ! Cheers

Hi @Yurivict ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly. Thank you!

Hi @Yurik ! Security is working on cleaning up our boards a bit and we would appreciate confirmation that this Privacy work is still needed. We were hoping you could take a look and let us know? If you would like to move forward we will ensure it is triaged and assigned accordingly.