Tue, Feb 14
@Reedy, I think this is a good idea for people working with a local repo who are unfamiliar with our projects.
Wed, Feb 8
Tue, Feb 7
@Dereckson I'd like to schedule this soon but we need more information. Can you update the description? You can find a template for Phabricator at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review.
Fri, Feb 3
This has been completed. https://phabricator.wikimedia.org/source/OIT-LDAP-Tools/
Wed, Feb 1
Tue, Jan 31
Discussed last week and approved. Thanks @Ejegg. You should have access now.
@bd808 -- Can you take a look at this?
Mon, Jan 30
@Bawolff No issues were found beyond those already discussed in other tickets. Once those are resolved, this extension can be deployed.
@MarkTraceur Looks good. Thanks!
Fri, Jan 27
Tue, Jan 24
Jan 4 2017
Jan 3 2017
Dec 21 2016
Just adding this e-mail snippet from @Legoktm from Dec. 14th as a reminder to myself (or whomever) that this still needs to go through formal review:
To clarify, this ticket is requesting review of Redux not Hovercards, correct?
Dec 20 2016
Dec 7 2016
Nov 30 2016
Nov 29 2016
Can this be closed?
Nov 23 2016
@Bawolff, can you take a look at this?
Nov 22 2016
Nov 21 2016
Nov 17 2016
Nov 16 2016
Nov 15 2016
So, the thinking here is that we are mitigating exposure of old, non-upgraded password hashes correct?
Nov 14 2016
Hello all. For now, it appears that the attacker has ceased attempting to compromise accounts. We are still investigating prior instances and are not yet ready to provide a report. Once we are ready, that report will likely be in a format similar to what @MZMcBride described above. We thank everyone who has worked to remediate the issues occurring over the past few days and we will update you as soon as we can.
Nov 10 2016
This should be separate from Security. We track vulnerability metrics using the Security tag and the tasks created for the SIEM project should not be included in those metrics. Additionally, at this point, the tag is being used to notate a specific project that requires some collaboration across teams. At this point, only Foundation employees are working on this project so it's fine to reference Office Wiki for more information.
Nov 8 2016
This has been reviewed and no major issues were found.