chasemp (Chase)Administrator
security eng

Projects (34)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Wednesday

  • Clear sailing ahead.

User Details

User Since
Sep 16 2014, 11:39 AM (230 w, 6 d)
Roles
Administrator
Availability
Available
IRC Nick
chasemp
LDAP User
Rush
MediaWiki User
CPettet (WMF) [ Global Accounts ]

Current: security person

Past: engineering manager, lead operations engineer, operations engineer

Local changes.
for upgrades

Recent Activity

Thu, Feb 14

chasemp added a comment to T216126: Requesting contentadmin access for 'Lucas Werkmeister (WMDE)' on Wikitech.

In this case the page needed to be updated not because the keys on any system changed, but because the hostname was changed to point to a different system (tools-sgebastion-[06→07], due to the WMCS incident).

Thu, Feb 14, 3:21 PM · cloud-services-team (Kanban), Toolforge, wikitech.wikimedia.org
chasemp triaged T216126: Requesting contentadmin access for 'Lucas Werkmeister (WMDE)' on Wikitech as Normal priority.
Thu, Feb 14, 2:42 PM · cloud-services-team (Kanban), Toolforge, wikitech.wikimedia.org
chasemp added a comment to T216126: Requesting contentadmin access for 'Lucas Werkmeister (WMDE)' on Wikitech.

I wonder if the only legitimate use case for modifying that page is accompanied by the ability to change that SSH key, and so potentially is sanest as a right limited to toolforge admins/roots.

Thu, Feb 14, 2:41 PM · cloud-services-team (Kanban), Toolforge, wikitech.wikimedia.org

Tue, Feb 12

chasemp closed T215366: Security Issue Access Request for @brennen as Resolved.
  • manager approval
  • linked wmf account
  • 2fa
  • discussed in sec team meeting
Tue, Feb 12, 4:04 PM · Security-Team, Security
chasemp closed T215366: Security Issue Access Request for @brennen, a subtask of T214556: Onboarding Brennen, as Resolved.
Tue, Feb 12, 4:04 PM · User-greg, Release-Engineering-Team (Kanban)
chasemp added a member for Security: brennen.
Tue, Feb 12, 4:03 PM
chasemp claimed T215366: Security Issue Access Request for @brennen.

I'll take care of this today or tomorrow

Tue, Feb 12, 3:47 PM · Security-Team, Security

Mon, Feb 11

chasemp added a comment to T215804: Is it fine to keep a query log for wdhqs.wmflabs.org.

Discussed this a bit on IRC and there was a good point made about the queries themselves potentially (inadvertently even) containing sensitive data:

Mon, Feb 11, 3:20 PM · Cloud-VPS, Security-Team

Fri, Feb 8

chasemp added members for Security: QuiteUnusual, Ruslik0, Rxy, Samtar, Shanmugamp7, Sjoerddebruin, Stryn, Teles, Trijnstel, alanajjar, revi.
Fri, Feb 8, 2:05 PM
chasemp added a member for Security: Pmlineditor.
Fri, Feb 8, 2:04 PM
chasemp added a member for Security: Melos.
Fri, Feb 8, 2:04 PM
chasemp added a member for Security: Matiia.
Fri, Feb 8, 2:04 PM
chasemp added a member for Security: MarcoAurelio.
Fri, Feb 8, 2:04 PM
chasemp added a member for Security: HakanIST.
Fri, Feb 8, 2:04 PM
chasemp added a member for Security: Bsadowski1.
Fri, Feb 8, 2:04 PM

Wed, Feb 6

chasemp added a comment to T177850: Page if the grid engine master is unreachable.

In theory there are tests that submit things to the grid via tools-checker
than ensure the gridmaster itself is functioning but previously we had
issues where DNS was faulty and that cascaded down IIRC so we put in some
service level checking there

Wed, Feb 6, 7:11 PM · Patch-For-Review, monitoring, Toolforge, cloud-services-team (Kanban)

Jan 16 2019

chasemp triaged T213933: PoC alert/notification functionality with Elastic Stack as Normal priority.
Jan 16 2019, 3:25 PM · Security-Team, Wikimedia-Logstash
chasemp added a comment to T213742: Onboarding David Sharpe to Security Team as Information Security Analyst.

Date: Wed Jan 16 13:10:52 2019 +0000

(rush) Add dsharpe to security@ for T213742
Jan 16 2019, 1:12 PM · Security-Team

Jan 15 2019

chasemp added a comment to T209527: Set up scratch and maps NFS services on cloudstore1008/9.

Couldn't we just remove these users from ldap? Hmm, that's a different matter though because that's not shell access, that's cloud access.

I think it goes deeper than that in so much as, we don't want any production machines looking to LDAP as authoritative for anything.

Yet another reason I think we should be virtualizing NFS servers with special configurations on the virts for them to work well.
Is it cloud? Is it not a cloudvirt? Virtualize it. ;-)

Jan 15 2019, 10:32 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T209527: Set up scratch and maps NFS services on cloudstore1008/9.

Couldn't we just remove these users from ldap? Hmm, that's a different matter though because that's not shell access, that's cloud access.

Jan 15 2019, 10:27 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T209527: Set up scratch and maps NFS services on cloudstore1008/9.

That makes sense. nfsd-ldap only works for jessie at the moment, though :-p. Might have to rebuild the package.

So basically, these are meant to have no LDAP from nsswitch, but the nfs_mountd daemon uses LD_PRELOAD to check LDAP for that one thing.

Jan 15 2019, 10:26 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T209527: Set up scratch and maps NFS services on cloudstore1008/9.

So to me it seems like there is LDAP client config here that is confusing the admin module, the two cannot really co-exist sanely. I have some idea of how that might happen but no time to look into it atm. The LDAP setup on the NFS servers is strictly for perms lookup and is not used by the overall host. Look at how the nfsd-ldap package works that is installed on labstore1004/5

Jan 15 2019, 10:20 PM · Patch-For-Review, cloud-services-team (Kanban)

Jan 14 2019

chasemp renamed T213742: Onboarding David Sharpe to Security Team as Information Security Analyst from Onboarding David Sharpe to Onboarding David Sharpe to Security Team as Information Security Analyst.
Jan 14 2019, 5:49 PM · Security-Team

Jan 10 2019

chasemp added a comment to T213475: Wikimedia varnish rules no longer exempt all Cloud VPS/Toolforge IPs from rate limits (HTTP 429 response).

Could a change to coming from a 172 address have effected ratelimit whitelisting?

Jan 10 2019, 10:30 PM · Patch-For-Review, Toolforge, Traffic, Operations, Cloud-VPS
chasemp added a comment to T213351: Timeboxed investigation into browser fingerprinting for anti-abuse report to WMF Board.

Pardon the pile on appearance here @TBolliger. I very much appreciate it's difficult to balance transparency and efficacy in the short term but @Bawolff for me has hit the nail on the head. Any outcome from exploring and planning will be easy to reverse engineer, but also will need to be utilized and accepted in-the-least by the members of Security and acl*stewards. If anything can be done here it's going to be beneficial to be as transparent as possible as early as possible, though I totally understand if there are issues/constraints that are not public to begin with. I assume you'll be looking at techniques such as http://valve.github.io/fingerprintjs2/ and marrying to onwiki blocking and identity correlation. To that effect...

Jan 10 2019, 3:42 PM · Anti-Harassment (Bet — ב)

Jan 9 2019

chasemp updated subscribers of T213131: New ORES model relies on translatewiki.net API, which is not hosted on WMF production.

I will bring this up in the weekly meeting for the security team but I wanted to respond briefly now, I don't know that Security-Team is a primary stakeholder here other than being generally supportive of the value add of ORES+TWN.

Jan 9 2019, 7:24 PM · Patch-For-Review, Security, Scoring-platform-team, translatewiki.net, ORES
chasemp closed T213304: create adhoc tooling repo for collab between security-team members as Resolved.

https://gerrit.wikimedia.org/r/#/c/wikimedia/security/tooling/+/483181/

Jan 9 2019, 6:53 PM · Patch-For-Review, Security-Team
chasemp edited Description on Security.
Jan 9 2019, 5:07 PM
chasemp closed T213307: Create project of [tag] type to indicate Security tasks that cannot be made public as Resolved.

Name can be bike shedded if needed :) Initial agreement in an in-person meeting was to roll with https://phabricator.wikimedia.org/project/manage/3825/ and see if it's effective/useful.

Jan 9 2019, 5:04 PM · Security-Team, Security
chasemp set the image for PermanentlyPrivate to F27834017: profile.
Jan 9 2019, 5:04 PM
chasemp changed the edit policy for PermanentlyPrivate.
Jan 9 2019, 5:03 PM
chasemp created PermanentlyPrivate.
Jan 9 2019, 5:03 PM
chasemp triaged T213307: Create project of [tag] type to indicate Security tasks that cannot be made public as Normal priority.
Jan 9 2019, 5:02 PM · Security-Team, Security
chasemp added a project to T213131: New ORES model relies on translatewiki.net API, which is not hosted on WMF production: Security.
Jan 9 2019, 4:55 PM · Patch-For-Review, Security, Scoring-platform-team, translatewiki.net, ORES
chasemp added a comment to T213304: create adhoc tooling repo for collab between security-team members.

git clone https://gerrit.wikimedia.org/r/wikimedia/security/tooling

Jan 9 2019, 4:42 PM · Patch-For-Review, Security-Team
chasemp triaged T213304: create adhoc tooling repo for collab between security-team members as Normal priority.
Jan 9 2019, 4:36 PM · Patch-For-Review, Security-Team

Jan 8 2019

chasemp closed T213151: Security Issue Access Request for Daimona as Resolved.

@Daimona thanks for jumping through all the hoops here, we are trying to make this process clearer for sure. I verified your 2fa access and this was confirmed again today by @JBennett in our weekly meeting. Let me know if you have any questions or issues.

Jan 8 2019, 4:24 PM · Security
chasemp added a member for Security: Daimona.
Jan 8 2019, 4:22 PM
chasemp claimed T213151: Security Issue Access Request for Daimona.
Jan 8 2019, 3:50 PM · Security

Jan 7 2019

chasemp updated subscribers of T208251: Modern Event Platform: Stream Intake Service: AJV usage security review.

@charlotteportero do we have everything we need here to assign this at the next meeting? I know Analytics is hoping for movement this quarter

Jan 7 2019, 9:08 PM · Security-Team-Review-Active, Security-Team, Core Platform Team Backlog (Watching / External), Services (watching), Analytics-EventLogging, EventBus, Analytics
chasemp closed T213082: Add John Bond to Security group in Phabricator as Resolved.

Done diddly-un

Jan 7 2019, 3:37 PM · Security-Team, Security
chasemp added a member for Security: jbond.
Jan 7 2019, 3:37 PM
chasemp claimed T213082: Add John Bond to Security group in Phabricator.
Jan 7 2019, 2:51 PM · Security-Team, Security

Jan 3 2019

chasemp added a comment to T212621: jalexander should be removed from security@ as his emails are bouncing.

Done. removed jalexander from security@ alias. I do wonder where the rest of the offboarding is handled though.

Jan 3 2019, 7:57 PM · Operations, Security-Team

Dec 21 2018

chasemp added a comment to T182812: Forward security@tools.wmflabs.org to security@wikimedia.org.

We could have security@tools.wmflabs.org go to the Toolforge admins

Dec 21 2018, 3:28 PM · Patch-For-Review, Toolforge, Security, Mail, Operations

Dec 20 2018

chasemp edited projects for T123243: Ability to alert when we get a sudden increase in bad passwords for privileged accounts, added: user-chasemp; removed Patch-For-Review.
Dec 20 2018, 8:46 PM · user-chasemp, Security-team-backlog, Security
chasemp renamed T123243: Ability to alert when we get a sudden increase in bad passwords for privileged accounts from Ability to alert when we get a sudden increase in bad passwords for privileged accounts, to possibly detect password brute-forcing to Ability to alert when we get a sudden increase in bad passwords for privileged accounts.
Dec 20 2018, 8:46 PM · user-chasemp, Security-team-backlog, Security
chasemp added a comment to T208529: Install docker on releases-jenkins.

Why is his a Security task?

Dec 20 2018, 8:40 PM · Release-Engineering-Team (Kanban), Patch-For-Review, MediaWiki-Releasing
chasemp added a project to T150903: Alert ops/security on many 2FA failures: user-chasemp.
Dec 20 2018, 8:25 PM · user-chasemp, Security, MediaWiki-extensions-OATHAuth, Security-Extensions, Security-Core
chasemp triaged T200766: Public monitoring of JS/CSS edits as Normal priority.
Dec 20 2018, 8:24 PM · Security, MediaWiki-Change-tagging, Security-General
chasemp changed the visibility for T159008: Determine appropriate response/guidance for Cloudbleed issue.
Dec 20 2018, 8:07 PM · Security
chasemp added a project to T176995: Monitor any sql syntax error issues, and send email alerting if they happen: user-chasemp.
Dec 20 2018, 8:05 PM · user-chasemp, Security
chasemp created user-chasemp.
Dec 20 2018, 7:30 PM

Dec 19 2018

chasemp updated subscribers of T212302: CloudVPS: upgrade: jessie -> stretch & mitaka -> newton.

+1 the debian packaging path is way too tied to OS release for a sane openstack plan long term, @Andrew and I looked at a few options over time but it seems fairly popular to use some container solution

Dec 19 2018, 4:22 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T212302: CloudVPS: upgrade: jessie -> stretch & mitaka -> newton.

I believe what we did for L->M was to reimage the standby of an HA pair to new Release/Openstack version and then fail over to it with a day for sanity and then reimage the now-standby-originally-active. I believe control components can seemlessly be N+1 from nova-compute at least. This /should/ hold true for Neutron as well (neutron-api as +1 from l3-agent for example) but I've never actually tested it. In theory this allows a straight stagger of control plane to Stretch/Newton.

Dec 19 2018, 4:13 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T212302: CloudVPS: upgrade: jessie -> stretch & mitaka -> newton.

I'm not sure, generally you can go +1 for compat tho it can come with caveats as in nova-api can be one release ahead of nova-compute but not vice versa. I wouldn't think you need mitaka at all on stretch.

Dec 19 2018, 4:00 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T212302: CloudVPS: upgrade: jessie -> stretch & mitaka -> newton.

I think this may help:

Dec 19 2018, 3:46 PM · Patch-For-Review, cloud-services-team (Kanban)
chasemp added a comment to T212302: CloudVPS: upgrade: jessie -> stretch & mitaka -> newton.

I think T169099 is probably relevant for matching Release/OpenStack

Dec 19 2018, 3:06 PM · Patch-For-Review, cloud-services-team (Kanban)

Dec 17 2018

chasemp closed T210667: Can exfat be used in WMF production? as Resolved.
Dec 17 2018, 9:38 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp archived Security-Team-Review (Active).
Dec 17 2018, 6:44 PM
chasemp created Security-Team-Review-Active.
Dec 17 2018, 6:40 PM
chasemp created Security-Team-Review (Active).
Dec 17 2018, 6:40 PM
chasemp moved T149869: Security review for PageForms from Awaiting remediation to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:39 PM · Security, MediaWiki-extensions-Page_Forms, Security-Team-Reviews
chasemp moved T155087: Security review for NamespaceRelations from Awaiting remediation to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:39 PM · Security-Team-Reviews
chasemp moved T144467: Security review for Google MT for Content Translation from Awaiting remediation to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:38 PM · Core Platform Team Backlog (Watching / External), Language-Team (Language-2018-October-December), Security, CX-deployments, Language-2017-Oct-Dec, Services (watching), Parsing-Team, Language-Q1-2016-17 Sprint 6, Language-Engineering July-September 2016, Security-Team-Reviews, Security-Extensions
chasemp moved T66548: Security review indigo-depict from Waiting/Blocked to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:38 PM · Multimedia, MediaWiki-extensions-MolHandler, Security-Team-Reviews
chasemp moved T177210: Security review of Marvin from Waiting/Blocked to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:38 PM · Security-Team-Reviews, Marvin
chasemp moved T180021: Security review for extension Wikispeech from Waiting/Blocked to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:38 PM · Wikispeech-WMSE, Wikispeech
chasemp moved T163827: Security review of Ex:JsonConfig/Ex:Kartographer interaction from In Progress to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:37 PM · Security-Team-Review-Active, Reading-Infrastructure-Team-Backlog, Maps (Kartographer), MediaWiki-extensions-JsonConfig
chasemp moved T149424: Security review the Extension:WikipediaExtracts from In Progress to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:37 PM · MediaWiki-extensions-WikipediaExtracts, Security-Team-Reviews
chasemp moved T143969: Unable to mirror repository from git.legoktm.com into diffusion from In Progress to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:37 PM · Security-Team, Patch-For-Review, Striker, Phabricator
chasemp moved T176533: Re-enable stacktraces on Wikimedia wikis ($wgShowExceptionDetails = true); from In Progress to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:36 PM · Security-Team, Wikimedia-Site-requests
chasemp moved T207990: Security review for TheWikipediaLibrary extension from In Progress to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:36 PM · Security-Team-Review-Active, The-Wikipedia-Library
chasemp moved T187846: Security Review of Office IT Internal Account Management Tool from Scheduled to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:36 PM · Security-Team-Reviews
chasemp moved T201492: Security review for FormWizard extension from Scheduled to Backlog on the Security-Team-Reviews board.
Dec 17 2018, 6:36 PM · Security-Team-Review-Active, FormWizard

Dec 14 2018

chasemp renamed Security-Team-Reviews from Security-Reviews to Security-Team-Reviews.
Dec 14 2018, 8:14 PM
chasemp added a project to T211714: #Security access for aezell: Security-Team.
Dec 14 2018, 2:32 PM · Security-Team, Security
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

Thank you @Tgr

Dec 14 2018, 2:06 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T211714: #Security access for aezell.

I've included this in the Security-Team weekly meeting for the 18th

Dec 14 2018, 2:05 PM · Security-Team, Security

Dec 13 2018

chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

Seems like consensus is that https://gerrit.wikimedia.org/r/c/mediawiki/core/+/478395 is the sanest outcome here. @Tgr anything blocking?

Dec 13 2018, 10:38 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security
chasemp added a comment to T210329: CheckUsers have unlogged access to IP addresses via the AbuseFilter API.

@Bawolff can this task be closed now?

Dec 13 2018, 10:36 PM · MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Patch-For-Review, Privacy, AbuseFilter, Security
chasemp added a comment to T211714: #Security access for aezell.

Typically, we ask that staff in the Security group associate their Phab account with their Foo (WMF) account onwiki.

Dec 13 2018, 10:32 PM · Security-Team, Security
chasemp triaged T211714: #Security access for aezell as Normal priority.
Dec 13 2018, 10:31 PM · Security-Team, Security
chasemp added a watcher for Wikimedia-Logstash: chasemp.
Dec 13 2018, 9:52 PM
chasemp added a comment to T211822: public floating IPs for labtest?.

Part of my concern is T140369 but another part is the lack of real managed lifecycle/standards for labtest[n] instances.

Dec 13 2018, 4:10 PM · cloud-services-team (Kanban)

Dec 12 2018

chasemp added a comment to T211822: public floating IPs for labtest?.

There is a public range but to this point we made it through with using
private IPs as floating IPs which has been a fine test so far. Labtest
instances are not setup in a way that would be OK to expose them on public
IPs to my knowledge.

Dec 12 2018, 9:27 PM · cloud-services-team (Kanban)

Dec 11 2018

chasemp created P7906 (An Untitled Masterwork).
Dec 11 2018, 7:13 PM
chasemp added a comment to T207900: Enable csp-report-only mode everywhere .

Talked about this briefly today in the weekly for Security-Team and @Bawolff will respond

Dec 11 2018, 4:37 PM · Patch-For-Review, Restricted Project, Operations, Wikimedia-Site-requests, Security-Team

Dec 10 2018

chasemp added a comment to T101017: Early security release access for Lcawte (ShoutWiki).

small progress https://phabricator.wikimedia.org/T108360#4812282

Dec 10 2018, 10:40 PM · Security-Team, ShoutWiki, WMF-Legal, WMF-NDA-Requests
chasemp closed T108360: Create "security pre-announce" group in Phab (to easier allow 3rd parties who get pre-release notifications to access Security tasks) as Resolved.

https://phabricator.wikimedia.org/project/view/3764/

Dec 10 2018, 10:39 PM · Security-team-backlog, MediaWiki-Releasing, Project-Admins, Phabricator
chasemp created acl*release_security_pre_announce.
Dec 10 2018, 10:39 PM
chasemp added a comment to T209972: Remove auto-fill/suggest of usernames from password reset forms.

If we're looking to abandon https://gerrit.wikimedia.org/r/475798/, my vote would be to instead go with https://gerrit.wikimedia.org/r/478395/, as it does a good job of balancing both security and usability IMO.

Dec 10 2018, 4:29 PM · MW-1.33-notes (1.33.0-wmf.9; 2018-12-18), Patch-For-Review, Trust-and-Safety, MediaWiki-Authentication-and-authorization, MediaWiki-Special-pages, Security-Team, Security

Dec 6 2018

chasemp added a comment to T207900: Enable csp-report-only mode everywhere .

Good points @Aklapper. I am not sure if this wording is ours or default. I am making a note to discuss with Security-Team. One question, I have done some testing of triggering our CSP policy and I don't see this language surface in the UI. Where are people seeing this?

Dec 6 2018, 11:31 AM · Patch-For-Review, Restricted Project, Operations, Wikimedia-Site-requests, Security-Team

Dec 3 2018

chasemp updated subscribers of T210667: Can exfat be used in WMF production?.

I want to acknowledge a few things:

Dec 3 2018, 5:45 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations

Nov 30 2018

chasemp added a member for Security: CDanis.
Nov 30 2018, 7:31 PM
chasemp updated subscribers of T189641: Service for checking the Pwned Passwords database.

Adding @JBennett as I see he raised concern with the ihaveibeenpwned work in related https://phabricator.wikimedia.org/T210192#4786955

Nov 30 2018, 6:46 PM · Core Platform Team Backlog (Watching / External), Services (watching), User-Tgr, WMF-Legal, Patch-For-Review, Security, MediaWiki-User-login-and-signup, MediaWiki-Authentication-and-authorization, Security-General
chasemp added a comment to T210667: Can exfat be used in WMF production?.

In this case specifically, my thinking was that I had agreement and understanding with another Opsen, a manager in Tech, a director in Tech and a couple more knowledgeable and engaged parties in real time right before (as review of action). I installed the package with a !log so it would be recorded in the right place and a ping to one of the Opsen who works in that specific area.

Totally -- and I didn't mean to imply that this didn't happen!

To clarify, I'm trying to say: a) generally speaking those L3 responsibilities still exist and make sense and we're not saying -implicity or explicitly- that it's OK to bypass them (this isn't what happened here) and b) we should (collectively) strive to document these things in the future, for the benefit of others outside of the private email threads and Hangouts, to avoid the appearance that things have happened outside of those processes and/or without a good reason (when in fact they have been!). Does this make more sense?

Nov 30 2018, 5:40 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations
chasemp added a comment to T210667: Can exfat be used in WMF production?.

Thanks @faidon for weighing in, I think you got right to the heart of it. Not responding to you necessarily but I'm going to steal the 3 point breakdown as it makes sense to me. I don't feel empowered to relate much of the detail for history here, but I do value this conversation and want to respond.

Nov 30 2018, 5:25 PM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations

Nov 29 2018

chasemp created security_assessment_mobile_2018.
Nov 29 2018, 6:26 PM
chasemp updated subscribers of T210667: Can exfat be used in WMF production?.

Small bit of background from my perspective, I had discussed this on hangout with a few folks who I will let acknowledge their own level of approval. I used !log and pinged @elukey with the intention of uninstalling post work-at-hand. Nothing here was me intending to take unilateral action or circumvent process. I really am under the impression that Debian main has nothing which would be incompatible with WMF prod infrastructure. I have no particular affection for exfat, and would much prefer to be able to use ext[34] but have been assured that is not a possibility. If there are legal issues here I'm glad @Legoktm flagged it.

Nov 29 2018, 1:18 AM · Security-Team, Analytics, Software-Licensing, WMF-Legal, Operations