dpatrick (Darian Anthony Patrick)
User

User Details

User Since
May 19 2015, 9:05 PM (96 w, 3 d)
Availability
LDAP User
Unknown
MediaWiki User
DPatrick (WMF)

Recent Activity

Yesterday

dpatrick moved T161356: Security review of Mailvelope from Backlog to In Progress on the Security-Reviews board.
Fri, Mar 24, 10:59 PM · Security-Reviews
dpatrick added a comment to T161356: Security review of Mailvelope.

Created retroactively to capture content of e-mail response from @tstarling.

Fri, Mar 24, 10:59 PM · Security-Reviews
dpatrick created T161356: Security review of Mailvelope.
Fri, Mar 24, 10:58 PM · Security-Reviews

Wed, Mar 22

dpatrick added a comment to T108687: Security review for CodeMirror extension branch master.

@kaldari, can you update the description of this ticket and add the info requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Once that's done, I'll get this scheduled.

Wed, Mar 22, 5:43 PM · Community-Tech, Security-Reviews, MediaWiki-extensions-CodeMirror

Tue, Mar 21

dpatrick moved T159519: Investigate security concerns on enabling OAuth or BotPasswords for stewardwiki from Backlog to Other WMF team on the Security board.
Tue, Mar 21, 8:25 PM · Security-Extensions, Security-Team, Security
dpatrick added a comment to T154695: Review 2FA login on iOS app.

@JMinor, I just rescheduled this for this week and next. I'll contact you off-Phab to schedule a review commencement meeting.

Tue, Mar 21, 7:40 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick changed the start date for E503: Security review of 2FA login on iOS app from Mon, Mar 13 to Mon, Mar 20.
Tue, Mar 21, 7:39 PM · Security-Reviews
dpatrick added a comment to T99358: [Task] Security review of Wikibase-Quality-External-Validation branch master.

@Lydia_Pintscher, can you give us an update on this ticket?

Tue, Mar 21, 7:37 PM · Patch-For-Review, Wikibase-Quality, Security-Team, Wikidata, Security-Reviews, Wikibase-Quality-External-Validation
dpatrick added a comment to T145966: Security review for Extension:DeleteBatch.

@Legoktm, @MarcoAurelio can you give an update on the status of the extension? Is it ready to review now? If now, I say we close this ticket as invalid and create another at a later date should the module prove ready for review and likely to be deployed.

Tue, Mar 21, 7:36 PM · Security-Reviews
dpatrick added a comment to T149424: Security review the Extension:WikipediaExtracts.

@Sophivorus, @Dereckson, is this security review still needed?

Tue, Mar 21, 7:31 PM · MediaWiki-extensions-WikipediaExtracts, Security-Reviews
dpatrick moved T160982: WIP Security review for FileImporter extension from Backlog to Waiting/Blocked on the Security-Reviews board.
Tue, Mar 21, 7:29 PM · User-Addshore, WMDE-QWERTY-Team-Board, Security-Reviews
dpatrick added a comment to T159519: Investigate security concerns on enabling OAuth or BotPasswords for stewardwiki.

@MarcoAurelio, the Security team concurs with @Anomie. The main reason is not related to security concerns. We're okay with OAuth and BotPasswords on these wikis.

Tue, Mar 21, 7:27 PM · Security-Extensions, Security-Team, Security
dpatrick added a comment to T159709: Security review for WikibaseMediaInfo extension.

@Lydia_Pintscher, can you update the description of this ticket with the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!

Tue, Mar 21, 4:11 PM · Wikidata, Structured-Multimedia-Data, Security-Reviews

Tue, Feb 28

dpatrick closed T158840: Security Issue Access Request for Nikerabbit as "Resolved".

Approved! Thanks for all of your attentiveness thus far, and we're glad to have in Security.

Tue, Feb 28, 9:16 PM · Security
dpatrick added a member for Security: Nikerabbit.
Tue, Feb 28, 9:15 PM

Fri, Feb 24

dpatrick moved T151798: add subdomain for annual report 2016 from Backlog to Done on the Security-Reviews board.
Fri, Feb 24, 8:39 PM · Patch-For-Review, Security-Reviews, Operations, Annual-Report
dpatrick added a comment to T151798: add subdomain for annual report 2016.

I've reviewed both content and technical implementation of the 2016 Annual Report and found no major security problems. Here are a few notes on minor things:

  • "amoritization" on 2016/financials.html may be misspelled
  • In the video at the bottom of 2016/what-we-stand-for.html, at approx. 1:21, is it okay to show the list of users who have visited the office?
  • Use of Katherine and Jimmy's signatures may be useful in instances an attacker requires a signature on a physical form as part of a further attack. (I say this realizing that we've probably published Katherine and Jimmy's signatures before.)
Fri, Feb 24, 8:39 PM · Patch-For-Review, Security-Reviews, Operations, Annual-Report
dpatrick added a project to T151798: add subdomain for annual report 2016: Security-Reviews.
Fri, Feb 24, 12:55 AM · Patch-For-Review, Security-Reviews, Operations, Annual-Report

Feb 22 2017

dpatrick changed the start date for E505: Security review of NamespaceRelations from Mon, Mar 6 to Mon, Mar 13.
Feb 22 2017, 9:40 PM · Security-Reviews
dpatrick changed the start date for E504: Security review of Timeless skin from Mon, Mar 6 to Mon, Mar 13.
Feb 22 2017, 9:40 PM · Security-Reviews
dpatrick moved T158661: Security review for FileExporter extension from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:42 PM · Patch-For-Review, Security-Reviews, User-Addshore, WMDE-QWERTY-Team-Board
dpatrick updated subscribers of E506: Security review for Extension:FileExporter.
Feb 22 2017, 7:42 PM · Security-Reviews
dpatrick created E506: Security review for Extension:FileExporter.
Feb 22 2017, 7:42 PM · Security-Reviews
dpatrick moved T155087: Security review for NamespaceRelations from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:38 PM · Security-Reviews
dpatrick updated subscribers of E505: Security review of NamespaceRelations.
Feb 22 2017, 7:37 PM · Security-Reviews
dpatrick created E505: Security review of NamespaceRelations.
Feb 22 2017, 7:36 PM · Security-Reviews
dpatrick moved T158011: Security review for Timeless skin from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:35 PM · Patch-For-Review, Timeless, Security-Reviews
dpatrick updated subscribers of E504: Security review of Timeless skin.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick removed invites for E504: Security review of Timeless skin: dpatrick.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick removed invites for E500: Security review of StopForumSpam: dpatrick.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick removed invites for E502: Security review of Anniversaries Endpoint: dpatrick.
Feb 22 2017, 7:34 PM · Security-Reviews
dpatrick changed the start date for E484: Security review of Extension:3d from Feb 6 2017 to Feb 20 2017.
Feb 22 2017, 7:33 PM · Security-Reviews
dpatrick removed invites for E485: Security review of Extension:PageForms: dpatrick.
Feb 22 2017, 7:33 PM · Security-Reviews
dpatrick removed invites for E484: Security review of Extension:3d: dpatrick.
Feb 22 2017, 7:32 PM · Security-Reviews
dpatrick updated the invite list for E486: Security Review of Trending Edits Endpoint, invited: Bawolff; uninvited: dpatrick.
Feb 22 2017, 7:32 PM · Security-Reviews
dpatrick created E504: Security review of Timeless skin.
Feb 22 2017, 7:29 PM · Security-Reviews
dpatrick updated subscribers of E486: Security Review of Trending Edits Endpoint.
Feb 22 2017, 7:10 PM · Security-Reviews
dpatrick updated subscribers of E484: Security review of Extension:3d.
Feb 22 2017, 7:10 PM · Security-Reviews
dpatrick added invites for E485: Security review of Extension:PageForms: Bawolff.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E502: Security review of Anniversaries Endpoint.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E501: Security review of CollaborationKit.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E500: Security review of StopForumSpam.
Feb 22 2017, 7:09 PM · Security-Reviews
dpatrick updated subscribers of E503: Security review of 2FA login on iOS app.
Feb 22 2017, 7:08 PM · Security-Reviews
dpatrick moved T154695: Review 2FA login on iOS app from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 7:08 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick added a comment to T154695: Review 2FA login on iOS app.

@JMinor, this review has been scheduled for the week of March 13th. Does this work for your deployment schedule? Also, can you provide documentation of setting up a test environment?

Feb 22 2017, 7:07 PM · Wikipedia-iOS-App-Backlog, Security-Reviews
dpatrick created E503: Security review of 2FA login on iOS app.
Feb 22 2017, 7:06 PM · Security-Reviews
dpatrick added a comment to T155087: Security review for NamespaceRelations.

Hi @Nemo_bis, could you update the description of this ticket and add the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!

Feb 22 2017, 7:03 PM · Security-Reviews
dpatrick moved T153088: Security Review of On This Day Endpoint from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 6:58 PM · Reading Epics (New Feed Content), Mobile-Content-Service (Kanban), Security-Reviews
dpatrick changed the start date for E500: Security review of StopForumSpam from Feb 20 2017 to Mon, Feb 27.
Feb 22 2017, 6:58 PM · Security-Reviews
dpatrick created E502: Security review of Anniversaries Endpoint.
Feb 22 2017, 6:56 PM · Security-Reviews
dpatrick added invites for E484: Security review of Extension:3d: Reedy.
Feb 22 2017, 6:50 PM · Security-Reviews
dpatrick added invites for E501: Security review of CollaborationKit: Reedy.
Feb 22 2017, 6:48 PM · Security-Reviews
dpatrick created E501: Security review of CollaborationKit.
Feb 22 2017, 6:46 PM · Security-Reviews
dpatrick created E500: Security review of StopForumSpam.
Feb 22 2017, 6:43 PM · Security-Reviews
dpatrick moved T155725: Security review for StopForumSpam from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 6:37 PM · MediaWiki-extensions-StopForumSpam, Stewards-and-global-tools, Security-Reviews
dpatrick moved T138324: Security review for CollaborationKit from Backlog to Scheduled on the Security-Reviews board.
Feb 22 2017, 6:37 PM · MediaWiki-extensions-CollaborationKit, Security-Reviews

Feb 14 2017

dpatrick triaged T158119: Add Security.md to MediaWiki Core? as "Normal" priority.
Feb 14 2017, 9:41 PM · MediaWiki-Documentation, Documentation, Security-Team, Security
dpatrick added a comment to T158119: Add Security.md to MediaWiki Core?.

@Reedy, I think this is a good idea for people working with a local repo who are unfamiliar with our projects.

Feb 14 2017, 9:41 PM · MediaWiki-Documentation, Documentation, Security-Team, Security
dpatrick awarded T158119: Add Security.md to MediaWiki Core? a Like token.
Feb 14 2017, 9:36 PM · MediaWiki-Documentation, Documentation, Security-Team, Security
dpatrick moved T138324: Security review for CollaborationKit from Waiting/Blocked to Backlog on the Security-Reviews board.
Feb 14 2017, 9:21 PM · MediaWiki-extensions-CollaborationKit, Security-Reviews

Feb 8 2017

dpatrick changed the start date for E430: Security Review: Internal File Server configuration and access from Jan 30 2017 to Feb 13 2017.
Feb 8 2017, 6:36 PM · Security-Reviews

Feb 7 2017

dpatrick renamed E485: Security review of Extension:PageForms from Security review for Extension:PageForms to Security review of Extension:PageForms.
Feb 7 2017, 5:38 PM · Security-Reviews
dpatrick moved T157077: Security review of Extension:3d from Backlog to Scheduled on the Security-Reviews board.
Feb 7 2017, 5:35 PM · 3d, Security-Reviews
dpatrick moved T141474: Automatic start of authentication workflow for link provider (if it's the only available one) from Backlog to In Progress on the Security-Reviews board.
Feb 7 2017, 5:35 PM · Security-Reviews, Patch-For-Review, MediaWiki-Authentication-and-authorization
dpatrick moved T153087: Security Review of Trending Edits Endpoint from Backlog to Scheduled on the Security-Reviews board.
Feb 7 2017, 5:34 PM · Reading Epics (Trending Edits), Reading-Web-Trending-Service, Security-Reviews
dpatrick created E486: Security Review of Trending Edits Endpoint.
Feb 7 2017, 5:33 PM · Security-Reviews
dpatrick created E485: Security review of Extension:PageForms.
Feb 7 2017, 5:24 PM · Security-Reviews
dpatrick created E484: Security review of Extension:3d.
Feb 7 2017, 5:13 PM · Security-Reviews

Feb 3 2017

dpatrick created E481: Security review of OIT LDAP User Management Tool.
Feb 3 2017, 12:41 AM · Security-Reviews
dpatrick closed T156958: Repository request: OIT-LDAP-Tools as "Resolved".

This has been completed. https://phabricator.wikimedia.org/source/OIT-LDAP-Tools/

Feb 3 2017, 12:30 AM · Repository-Admins

Feb 1 2017

dpatrick edited the description of T156958: Repository request: OIT-LDAP-Tools.
Feb 1 2017, 8:13 PM · Repository-Admins
dpatrick created T156958: Repository request: OIT-LDAP-Tools.
Feb 1 2017, 8:12 PM · Repository-Admins

Jan 31 2017

dpatrick closed T155867: Security Issue Access Request for Ejegg as "Resolved".

Discussed last week and approved. Thanks @Ejegg. You should have access now.

Jan 31 2017, 9:46 PM · Security
dpatrick added a member for Security: Ejegg.
Jan 31 2017, 9:45 PM
dpatrick triaged T156343: striker does not (?) honour TitleBlacklist for shell names as "Unbreak Now!" priority.
Jan 31 2017, 9:36 PM · Striker, Tool-Labs, Labs, Security
dpatrick added a comment to T156343: striker does not (?) honour TitleBlacklist for shell names.

@bd808 -- Can you take a look at this?

Jan 31 2017, 9:36 PM · Striker, Tool-Labs, Labs, Security
dpatrick triaged T155867: Security Issue Access Request for Ejegg as "Normal" priority.
Jan 31 2017, 9:27 PM · Security

Jan 30 2017

dpatrick added a comment to T155265: LiquidThreads denial of service due to unvalidated limit parameter.

Deployed to the cluster now

Jan 30 2017, 11:45 PM · MW-1.29-release (WMF-deploy-2017-01-24_(1.29.0-wmf.9)), Patch-For-Review, MediaWiki-extensions-LiquidThreads, Security-Extensions, Vuln-DoS, Security
dpatrick changed the start date for E430: Security Review: Internal File Server configuration and access from Jan 23 2017 to Jan 30 2017.
Jan 30 2017, 11:29 PM · Security-Reviews
dpatrick moved T140167: Security Review of LoginNotify extension from Waiting/Blocked to Done on the Security-Reviews board.
Jan 30 2017, 11:28 PM · MediaWiki-extensions-LoginNotify, Security-Reviews
dpatrick moved T140167: Security Review of LoginNotify extension from Scheduled to Waiting/Blocked on the Security-Reviews board.
Jan 30 2017, 11:25 PM · MediaWiki-extensions-LoginNotify, Security-Reviews
dpatrick added a comment to T140167: Security Review of LoginNotify extension.

@Bawolff No issues were found beyond those already discussed in other tickets. Once those are resolved, this extension can be deployed.

Jan 30 2017, 11:24 PM · MediaWiki-extensions-LoginNotify, Security-Reviews
dpatrick created E477: Security review of OIT LDAP Password Change Page.
Jan 30 2017, 11:18 PM · Security-Reviews
dpatrick changed the end date for E433: Security Review of Popups extension library from Feb 3 2017 to Jan 27 2017.
Jan 30 2017, 11:16 PM · Security-Reviews
dpatrick removed invites for E433: Security Review of Popups extension library: dpatrick.
Jan 30 2017, 11:16 PM · Security-Reviews
dpatrick closed T132063: Security review of 3d2png, a subtask of T132058: 3d extension supporting STL (3d printing files), as "Resolved".
Jan 30 2017, 8:54 PM · User-notice, MW-1.28-release-notes, 3d, Wikimedia-Hackathon-2016, Reading-Community-Engagement, MediaWiki-File-management, Commons, Editing-Department, Multimedia
dpatrick closed T132063: Security review of 3d2png as "Resolved".
Jan 30 2017, 8:54 PM · Patch-For-Review, 3d, Security-Reviews
dpatrick added a comment to T132063: Security review of 3d2png.

@MarkTraceur Looks good. Thanks!

Jan 30 2017, 8:54 PM · Patch-For-Review, 3d, Security-Reviews

Jan 27 2017

dpatrick created E476: Security review of Newsletter extension.
Jan 27 2017, 8:50 PM · Security-Reviews

Jan 24 2017

dpatrick added a project to T155265: LiquidThreads denial of service due to unvalidated limit parameter: Vuln-DoS.
Jan 24 2017, 10:02 PM · MW-1.29-release (WMF-deploy-2017-01-24_(1.29.0-wmf.9)), Patch-For-Review, MediaWiki-extensions-LiquidThreads, Security-Extensions, Vuln-DoS, Security
dpatrick triaged T155265: LiquidThreads denial of service due to unvalidated limit parameter as "Normal" priority.
Jan 24 2017, 10:02 PM · MW-1.29-release (WMF-deploy-2017-01-24_(1.29.0-wmf.9)), Patch-For-Review, MediaWiki-extensions-LiquidThreads, Security-Extensions, Vuln-DoS, Security
dpatrick triaged T156184: Consider making rawHTML mode not apply to system messages as "Normal" priority.
Jan 24 2017, 9:45 PM · Patch-For-Review, MediaWiki-Interface, Security

Jan 4 2017

dpatrick changed the start date for E430: Security Review: Internal File Server configuration and access from Jan 3 2017 to Jan 23 2017.
Jan 4 2017, 6:38 PM · Security-Reviews
dpatrick changed the start date for E434: Security review for TwoColConflict extension from Jan 3 2017 to Dec 19 2016.
Jan 4 2017, 6:37 PM · Security-Reviews

Jan 3 2017

dpatrick updated subscribers of T153948: thumbnail script should respect imgAuthBeforeStream.

Thanks @MarkAHershberger. @Bawolff, will you review Mark's patch?

Jan 3 2017, 9:26 PM · Security, MediaWiki-General-or-Unknown, Patch-For-Review
dpatrick triaged T153948: thumbnail script should respect imgAuthBeforeStream as "High" priority.
Jan 3 2017, 9:26 PM · Security, MediaWiki-General-or-Unknown, Patch-For-Review

Dec 21 2016

dpatrick added a comment to T125338: Security and compliance with the Privacy Policy review of Extension:StopForumSpam to consider deployment on WMF wikis.

Just adding this e-mail snippet from @Legoktm from Dec. 14th as a reminder to myself (or whomever) that this still needs to go through formal review:

Dec 21 2016, 3:12 AM · Security-Reviews, MediaWiki-extensions-StopForumSpam, Support-and-Safety, WMF-Legal
dpatrick changed the start date for E434: Security review for TwoColConflict extension from Feb 6 2017 to Jan 3 2017.
Dec 21 2016, 2:50 AM · Security-Reviews
dpatrick created E434: Security review for TwoColConflict extension.
Dec 21 2016, 2:46 AM · Security-Reviews
dpatrick moved T151902: Security Review of Popups extension library from Backlog to Scheduled on the Security-Reviews board.
Dec 21 2016, 1:47 AM · Page-Previews (2016-17-Q3-Goal), Reading-Web-Backlog, Security-Reviews