[Wikidata-bugs] [Maniphest] T249039: Security Readiness Review For Wikidata Bridge

2020-08-28 Thread darthmon_wmde
darthmon_wmde added a comment.


  In T249039#6400360, @sbassett wrote:
  
  > @darthmon_wmde - I assume there are no further questions about my above
  > explanation?  I'll plan to resolve this task for now.  We can create new
  > tasks for any additional, more focused follow-ups.
  
  yes, thanks a lot @sbassett !

TASK DETAIL
  https://phabricator.wikimedia.org/T249039

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: sbassett, darthmon_wmde
Cc: WMDE-leszek, sbassett, Addshore, Michael, Lucas_Werkmeister_WMDE, 
Tonina_Zhelyazkova_WMDE, Pablo-WMDE, Lydia_Pintscher, Aklapper, darthmon_wmde, 
Akuckartz, Dsharpe, DannyS712, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, 
LawExplorer, _jensen, rosalieper, Scott_WUaS, abian, Wikidata-bugs, aude, 
Bawolff, Mbch331, Legoktm
___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs


2020-08-20 Thread sbassett
sbassett closed this task as "Resolved".
sbassett moved this task from Waiting to Our Part Is Done on the secscrum board.
sbassett added a comment.


  @darthmon_wmde - I assume there are no further questions about my above 
explanation?  I'll plan to resolve this task for now.  We can create new tasks 
for any additional, more focused follow-ups.

WORKBOARD
  https://phabricator.wikimedia.org/project/board/4630/


2020-08-06 Thread sbassett
sbassett added a comment.


  In T249039#6362819, @darthmon_wmde wrote:
  
  > heads up: I am accepting the risk and we programmed the deploy to
  > production.
  
  Great, thanks.
  
  > We have already fixed some of the dev dependencies - by yesterday there
  > were no high vulnerabilities, only low ones.
  
  Ok, great.
  
  > You mentioned that we need to commit to a risk plan to review the
  > vulnerable dependencies e.g. in the next 30 days. From talking to the team
  > the issue here is rather a continuous than a milestone, meaning that this
  > is a moving target and we need a process to periodically check and fix the
  > dependencies of our projects (To this aim we could really benefit from
  > https://phabricator.wikimedia.org/T228527)
  >
  > With all this in mind, could you please specify the kind of commitment
  > that you expect from me?
  
  The expectations the #security-team would have would be:
  
  1. Accepting the risk resulting from this review would mean accepting 
accountability for any potential issue which might arise from this code being 
deployed upon Wikimedia hardware.  e.g. being fully accountable if, say, a 
vulnerability from a deployed npm package resulted in a security incident.
  2. Regarding the risk plan, what you've described seems reasonable.  Given 
the vast amount of upstream code used for wikidata-bridge and other projects, 
it's likely infeasible to get to a point any time soon where every 
vulnerability has been addressed and resolved.  Committing to constant 
vigilance of dependency vulnerabilities and working to remediate those via 
patches to upstream, upgrading to secure versions or using alternative packages 
are all acceptable solutions.  To help with this, it might make sense to set up 
automated jobs (outside of publicly-viewable jenkins CI jobs) to run tools like 
`npm audit`, `retirejs`, `outdated` and `snyk` against the code base, which 
would then inform developers of current statuses.
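
  One way an automated job of the kind suggested above could keep vulnerability counts from climbing again, as an added example that is not part of the original message or the project's tooling. It reads the `metadata.vulnerabilities` counts from `npm audit --json`; the baseline object, the choice of blocking severities and all sample reports are assumptions constructed for illustration.

```javascript
// Added example, not the project's tooling: ratchet on `npm audit --json`.

const SEVERITIES = ["critical", "high", "moderate", "low", "info"];

// Compare the severity counts of an audit report with a stored baseline.
// blocking: severities that fail the job whenever any finding is open
// (an assumption of this example, adjust to local policy).
function evaluateAudit(report, baseline, blocking = ["critical", "high"]) {
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts) {
    // Fail closed: a report without counts (for example an error response)
    // must not be read as "zero vulnerabilities".
    throw new Error("audit report has no metadata.vulnerabilities");
  }
  const problems = [];
  const nextBaseline = {};
  for (const sev of SEVERITIES) {
    const now = counts[sev] || 0;
    const before = sev in baseline ? baseline[sev] : 0;
    if (blocking.includes(sev) && now > 0) {
      problems.push(`${sev}: ${now} open (blocking severity)`);
    } else if (now > before) {
      problems.push(`${sev}: ${before} -> ${now} (count climbed)`);
    }
    // The baseline only ever moves down, so fixed findings stay fixed.
    nextBaseline[sev] = Math.min(now, before);
  }
  return { ok: problems.length === 0, problems, nextBaseline };
}

// Constructed sample data: a stored baseline and four audit reports.
const BASELINE = { critical: 0, high: 0, moderate: 3, low: 12, info: 0 };
const asReport = (vulnerabilities) => ({ metadata: { vulnerabilities } });
const IMPROVED = asReport({ info: 0, low: 10, moderate: 3, high: 0, critical: 0 });
const CLIMBED = asReport({ info: 0, low: 14, moderate: 3, high: 0, critical: 0 });
const BLOCKED = asReport({ info: 0, low: 12, moderate: 3, high: 1, critical: 0 });
const ERRORED = { error: { summary: "constructed error response" } };

for (const [name, report] of Object.entries({ IMPROVED, CLIMBED, BLOCKED, ERRORED })) {
  try {
    const { ok, problems } = evaluateAudit(report, BASELINE);
    console.log(name, ok ? "pass" : "fail", problems.join("; "));
  } catch (err) {
    console.log(name, "fail", err.message);
  }
}
```
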


2020-08-05 Thread darthmon_wmde
darthmon_wmde added a comment.


  Hey @sbassett ,
  
  heads up: I am accepting the risk and we programmed the deploy to production.
  
  We have already fixed some of the dev dependencies - by yesterday there were
no high vulnerabilities, only low ones.
  
  You mentioned that we need to commit to a risk plan to review the vulnerable 
dependencies e.g. in the next 30 days. From talking to the team the issue here 
is rather a continuous than a milestone, meaning that this is a moving target 
and we need a process to periodically check and fix the dependencies of our 
projects (To this aim we could really benefit from 
https://phabricator.wikimedia.org/T228527)
  
  With all this in mind, could you please specify the kind of commitment that 
you expect from me?
  
  thanks a lot in advance!


2020-07-30 Thread darthmon_wmde
darthmon_wmde added a comment.


  Hey @sbassett , thanks for checking in! I have talked with the PM of the 
project about the possibly soon activation of the Bridge for Wikicat, as 
planned, and I have set a discussion meeting next week with the developers to 
craft the plan. I will update you next week :)


2020-07-29 Thread sbassett
sbassett added a comment.


  Ping @darthmon_wmde et al - just wanted to check on where we're at here with 
mediations and/or risk acceptance per my previous comment.  Thanks!


2020-07-21 Thread sbassett
sbassett added a comment.


  In T249039#6322813, @Lucas_Werkmeister_WMDE wrote:
  
  > I looked at these earlier and thought they all looked like false positives
  
  Great, thanks for confirming and for your detailed analysis, with which I 
concur.  I'll change this to a risk rating of: {icon smile-o color=sky} 
**none**.
  
  > but I seem to have lost access to the paste now for some reason, so I can’t
  > say for sure.
  
  This was due to some mitigations for a non-issue (T258239), the referenced
pastes should now be viewable to you.
  
  In T249039#6323388, @Pablo-WMDE wrote:
  
  > There recurringly are and recently were efforts to get those numbers down,
  > maybe a recheck (e.g. after sha 5f1d7d106f47dbe7738efb788144d7f2fe391f39)
  > is all it takes to find more acceptable counts (is 0 the success criterion?).
  > This is a moving target, however. At WMDE we are in the process of finding
  > a structured workflow (for the products' and the developers' sake) which
  > prevents those counts climbing again. A push on T228527: Support nested
  > package.json files from people with an official security hat would be of
  > great help to make this happen in (ever more popular) monorepos.
  
  0 is of course ideal, though likely not realistic.  As noted within the 
review, outdated packages by themselves, without any additional mention of 
specific security vulnerabilities, would have a risk of: {icon check-circle 
color=green} **low**.  Per the risk acceptance chart within T249039#6309061,
these issues can be addressed outside of any timeline and the risk is
automatically accepted 
without managerial+ approval.  I'm also hopeful that we'll have better 
automated security monitoring in place both as stand-alone solutions and within 
CI in the near future.  Though that work is likely not to be completed for a 
while and so we try to call out such issues during manual security readiness 
reviews when prudent.
  
  > I believe this is a false positive. TinyColor (which we depend on via
  > @storybook/addon-knobs@5.3.19 > react-color@2.18.1 > tinycolor 1.4.1) does
  > contain a copy of jquery 1.9.1 for its own demo page, but it is not part of
  > its package, and consequently not loaded in the bridge product.
  
  Ok, I'd barely call that a dev dependency then, so the risk would be: {icon 
check-circle color=green} **low**.
  
  Given the volume of issues returned by `npm audit` and `snyk test`, and that 
while such packages might not be directly deployed to wikimedia production 
hardware, they are still likely used during critical doc, test and build stages 
and I would still rate the overall risk at {icon exclamation-triangle 
color=yellow} **medium**.  This risk can be accepted by a manager (I assume 
@darthmon_wmde) and a risk plan could be as simple as committing to review 
vulnerable dependencies for security updates within 30 days (for which there 
obviously //may// or //may not// be updates.)


2020-07-21 Thread Pablo-WMDE
Pablo-WMDE added a comment.


  > **Vulnerable Packages**
  > **Risk: {icon exclamation-triangle color=yellow} medium**
  > [...]
  > **Outdated Packages**
  
  There recurringly are and recently were efforts to get those numbers down,
maybe a recheck (e.g. after sha 5f1d7d106f47dbe7738efb788144d7f2fe391f39) is
all it takes to find more acceptable counts (is 0 the success criterion?).
  This is a moving target, however. At WMDE we are in the process of finding a
structured workflow (for the products' and the developers' sake) which prevents
those counts climbing again. A push on T228527: Support nested package.json
files from people with an official security hat would be of great help to make
this happen in (ever more popular) monorepos.
  
  > As reported by `retirejs`:
  > (**Risk: {icon exclamation-triangle color=yellow} medium**)
  >
  > /src/node_modules/tinycolor2/demo/jquery-1.9.1.js
  
  I believe this is a false positive. TinyColor (which we depend on via
@storybook/addon-knobs@5.3.19 > react-color@2.18.1 > tinycolor 1.4.1) does
contain a copy of jquery 1.9.1 for its own demo page, but it is not part of its
package, and consequently not loaded in the bridge product.
  
  Thanks for making sure we deliver quality work to our users!


2020-07-21 Thread Lucas_Werkmeister_WMDE
Lucas_Werkmeister_WMDE added a comment.


  > **General Security Issues**
  >
  > 1. `njsscan` did find some potential issues with vue's `v-html` attribute.
  > I'd guess most of these are false positives given that they render messages
  > which shouldn't be vulnerable as they are used within the TypeScript app and
  > likely secure content-rendering functions (`title`, `getBodyMessage`,
  > `referenceHTML` et al).  Still posting the results here (P11942) for review
  > and confirmation with a probable **Risk: {icon check-circle color=green} low**.
  
  I looked at these earlier and thought they all looked like false positives,
but I seem to have lost access to the paste now for some reason, so I can’t say
for sure. But looking through v-html codesearch results:
  
  - All instances of `v-html="$messages.get( … )"` should be safe.
`$messages.get()` is a wrapper around mw.message().parse(), where
`mediawiki.jqueryMsg` (which our app module depends on) will escape HTML. (See
also T115888.)
  
  - `` in AppHeader.vue should be safe. `title` is a getter wrapping
`$messages.get()`, see above.
  
  - `v-html="messageHeader"` and `v-html="messageBody"` in
ErrorPermissionInfo.vue should be safe. `messageHeader` and `messageBody` are
properties of the component; `ErrorPermission.vue` fills them with its
`getMessageHeader()` and `getMessageBody()` methods, respectively, which both
wrap `$messages.get()`, see above.
  
  - `v-html="getBodyMessage"` in License.vue should be safe. `getBodyMessage`
is a getter wrapping, you guessed it, `$messages.get()`.
  
  - `v-html="referenceHTML"` in ReferenceSection.vue should be safe.
`referenceHTML` comes from the `renderedTargetReferences` array in the app
state, which is populated in the renderReferences action using the
ApiRenderReferencesRepository, which gets the HTML from the wbformatreference
API, where the HTML ultimately comes from a `Parser` based on wikitext input.
  
  - `v-html="message"` in ReportIssue.vue should be safe. `message` is a getter
wrapping `$.messages.get()`.
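
  The manual triage in the comment above can be kept current with a small check that flags any `v-html` binding the review has not covered. This is an added example, not part of the original comment and not Wikidata Bridge code: the allowlist repeats the file and expression pairs named above, while the sample component sources and the `NewWidget.vue` file are constructed and hypothetical.

```javascript
// Added example, not Wikidata Bridge code: triage v-html bindings.

// (file, expression) pairs that the review above traced to a safe source.
const REVIEWED = {
  "AppHeader.vue": ["title"],
  "ErrorPermissionInfo.vue": ["messageHeader", "messageBody"],
  "License.vue": ["getBodyMessage"],
  "ReferenceSection.vue": ["referenceHTML"],
  "ReportIssue.vue": ["message"],
};

// A lone call to the message wrapper and nothing else. Nested parentheses
// and trailing operators are rejected so concatenation cannot slip through.
const WRAPPER_CALL = /^\$messages\.get\([^()]*\)$/;

// Return every v-html binding in a component source with its line number.
function findVHtml(source) {
  const bindings = [];
  const re = /\bv-html\s*=\s*(["'])([\s\S]*?)\1/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    const line = source.slice(0, m.index).split("\n").length;
    bindings.push({ line, expr: m[2].trim() });
  }
  return bindings;
}

// Classify each binding: covered by the review, or needing a manual trace.
function triage(files) {
  const results = [];
  for (const [file, source] of Object.entries(files)) {
    for (const { line, expr } of findVHtml(source)) {
      let status = "needs-review";
      if (WRAPPER_CALL.test(expr)) status = "reviewed:message-wrapper";
      else if ((REVIEWED[file] || []).includes(expr)) status = "reviewed:traced";
      results.push({ file, line, expr, status });
    }
  }
  return results;
}

// Constructed sample sources (not copied from the repository).
// NewWidget.vue is hypothetical: it reuses a reviewed name in an unreviewed
// file and concatenates onto a wrapper call.
const SAMPLE = {
  "AppHeader.vue": `<template>
  <h1 v-html="title" />
</template>`,
  "License.vue": `<template>
  <div v-html="getBodyMessage" />
  <p v-html="$messages.get( 'constructed-key' )" />
</template>`,
  "NewWidget.vue": `<template>
  <span v-html="title" />
  <span v-html="$messages.get( 'constructed-key' ) + suffix" />
</template>`,
};

function needsReview(files) {
  return triage(files).filter((r) => r.status === "needs-review");
}

for (const r of triage(SAMPLE)) {
  console.log(`${r.file}:${r.line} v-html="${r.expr}" -> ${r.status}`);
}
```

  A binding is accepted by name only in the file where it was traced, so the same identifier appearing in a new component is flagged again.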


2020-07-16 Thread sbassett
sbassett added a comment.


  In T249039#6313032, @darthmon_wmde wrote:
  
  >> (...) our current risk management policy (on officewiki, which sadly I
  >> don't believe wmde folks can view) ...
  >
  > You are probably right. Are the credentials for this page shared with
  > another system within the wikimedia world? I have tried a couple without
  > success.
  
  Sadly, I do not believe so.  officewiki accounts are local (not SUL or shared 
in any way) and are granted upon being employed by the WMF.  There are 
definitely various policies that live there which should probably have some 
public version on mw.org or wherever.


2020-07-16 Thread darthmon_wmde
darthmon_wmde added a comment.


  thanks a lot @sbassett for your complete answer!
  
  > (...) our current risk management policy (on officewiki, which sadly I
  > don't believe wmde folks can view) ...
  
  You are probably right. Are the credentials for this page shared with another 
system within the wikimedia world? I have tried a couple without success.


2020-07-15 Thread sbassett
sbassett added a comment.


  In T249039#6307879, @darthmon_wmde wrote:
  
  > sorry if this is a stupid question but could you please say clearly whether
  > we need to lower the risk on any of the points? I am not sure whether what
  > you define as medium or low risk are acceptable to go to production or not.
  
  Hey @darthmon_wmde -
  
  Apologies if our current risk management policy (on officewiki, which sadly
I don't believe wmde folks can view) hasn't been as well-socialized as I would
like, but whenever the #security-team performs any kind of 
security or risk review, including application security reviews, we assign an 
overall risk which then needs to be mitigated or accepted.  We obviously prefer 
mitigation, as it //actually// reduces risk for a given code base or system, 
but we also allow for individuals to fully accept and own any risk established 
by a review.  Here is a simple table from the aforementioned risk management 
policy detailing levels of risks and the required steps for approval:
  
  | Rating | Description |
  | --- | --- |
  | {icon exclamation-triangle color=red} Critical | Requires C level oversight and an immediate evaluation of all possible mitigations to reduce exposure. Risk treatment not to exceed 3 days.  Risk acceptance only by Exec. Director. |
  | {icon exclamation-triangle color=orange} High | Requires C level oversight and risk treatment plan creation in 7 days.  Risk treatment must be applied within 7 days of creation of that plan.  Risk acceptance by C-Level |
  | {icon exclamation-triangle color=yellow} Medium | Requires Manager level oversight and risk treatment plan creation within 30 days.  Risk treatment must be applied within 30 days of plan creation.  Risk acceptance by Management level. |
  | {icon check-circle color=green} Low | Risk treatment applied when resources are available.  Risk is automatically accepted. |


2020-07-15 Thread darthmon_wmde
darthmon_wmde added a comment.


  hi @sbassett !
  
  thanks a lot for that assessment!
  
  sorry if this is a stupid question but could you please say clearly whether 
we need to lower the risk on any of the points? I am not sure whether what you 
define as medium or low risk are acceptable to go to production or not.
  
  Thanks a lot in advance!
