Created retroactively to capture content of e-mail response from @tstarling.
Wed, Mar 22
@kaldari, can you update the description of this ticket and add the info requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Once that's done, I'll get this scheduled.
Tue, Mar 21
@JMinor, I just rescheduled this for this week and next. I'll contact you off-Phab to schedule a review commencement meeting.
@Lydia_Pintscher, can you give us an update on this ticket?
@Legoktm, @MarcoAurelio can you give an update on the status of the extension? Is it ready to review now? If now, I say we close this ticket as invalid and create another at a later date should the module prove ready for review and likely to be deployed.
@Lydia_Pintscher, can you update the description of this ticket with the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!
Tue, Feb 28
Approved! Thanks for all of your attentiveness thus far, and we're glad to have in Security.
Fri, Feb 24
I've reviewed both content and technical implementation of the 2016 Annual Report and found no major security problems. Here are a few notes on minor things:
- "amoritization" on 2016/financials.html may be misspelled
- In the video at the bottom of 2016/what-we-stand-for.html, at approx. 1:21, is it okay to show the list of users who have visited the office?
- Use of Katherine and Jimmy's signatures may be useful in instances an attacker requires a signature on a physical form as part of a further attack. (I say this realizing that we've probably published Katherine and Jimmy's signatures before.)
Feb 22 2017
@JMinor, this review has been scheduled for the week of March 13th. Does this work for your deployment schedule? Also, can you provide documentation of setting up a test environment?
Hi @Nemo_bis, could you update the description of this ticket and add the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!
Feb 14 2017
@Reedy, I think this is a good idea for people working with a local repo who are unfamiliar with our projects.
Feb 8 2017
Feb 7 2017
Feb 3 2017
This has been completed. https://phabricator.wikimedia.org/source/OIT-LDAP-Tools/
Feb 1 2017
Jan 31 2017
Discussed last week and approved. Thanks @Ejegg. You should have access now.
@bd808 -- Can you take a look at this?
Jan 30 2017
@Bawolff No issues were found beyond those already discussed in other tickets. Once those are resolved, this extension can be deployed.
@MarkTraceur Looks good. Thanks!
Jan 27 2017
Jan 24 2017
Jan 4 2017
Jan 3 2017
Dec 21 2016
Just adding this e-mail snippet from @Legoktm from Dec. 14th as a reminder to myself (or whomever) that this still needs to go through formal review: