Meant to CC Wikitech-l too...
-- Forwarded message --
From: Tilman Bayer tba...@wikimedia.org
Date: Wed, Jun 25, 2014 at 8:37 AM
Subject: Re: [Wikimedia-l] Quarterly reviews of high priority WMF initiatives
To: Wikimedia Mailing List wikimedi...@lists.wikimedia.org
Minutes and
OK, so really the process that we need here is:
1) Get more people on the security team via NDA and whatnot (sign me up, by the
way, obviously)
2) Develop a triage system to quickly investigate and handle invalid and
duplicate bugs
3) Determine when and how we’re going to do the program
4) Do
Tyler Romeo wrote:
OK, so really the process that we need here is:
1) Get more people on the security team via NDA and whatnot (sign me up,
by the way, obviously)
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's
On Thu, Jun 26, 2014 at 12:33 AM, Brian Wolff bawo...@gmail.com wrote:
What I mean by that is that being a
WMF employee/contractor wouldn't get you any special treatment -
trusted people would get special access where needed because they're
trusted and have demonstrated their competence. A
On Jun 26, 2014 9:44 AM, MZMcBride z...@mzmcbride.com wrote:
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's values and mission.
This isn't a cult. Our bedrock principles are open access and
transparency.
To
I’ll be frank. I care a lot more about the security of MediaWiki as a software
product,
as well as the security of its customers (both WMF and third-party) than I do
about
some made-up notion of “open access” to security bugs.
I think it makes complete sense to have people with access to
As a third-party user: I completely concur. NDAs for security bug
access are pretty much standard, aren't they?
- d.
On 26 June 2014 15:08, Tyler Romeo tylerro...@gmail.com wrote:
I’ll be frank. I care a lot more about the security of MediaWiki as a
software product,
as well as the
I feel like this would result in a ton of reports that say YOU CAN DEFACE THE MAIN
PAGE!!! which is editable, if not protected, because it's a wiki.
--
Matma Rex
A general and boring explanation on how access restrictions are
handled/configured in Bugzilla currently. No opinions involved.
On Wed, 2014-06-25 at 21:18 -0700, Chris Steipp wrote:
There are a few cases where there may be legitimate private data in a
security bug (look, sql injection, and
On 23-06-2014, Mon, at 20:56 +0300, Ariel T. Glenn wrote:
dumps.wikimedia.org, downloads.wikimedia.org will be down on Thursday
June 26 from 13.30 UTC until 14.30 UTC. While we expect the actual
downtime to be much less, we're blocking one hour just in case.
And Murphy has
On Thu, 2014-06-26 at 16:17 +0200, Bartosz Dziewoński wrote:
I feel like this would result in a ton of reports that say YOU CAN
DEFACE THE MAIN PAGE!!! which is editable, if not protected, because
it's a wiki.
This.
I have seen several 'bug reports' in Mozilla Bugzilla by 'security
On 06/26/2014 10:15 AM, David Gerard wrote:
NDAs for security bug
access are pretty much standard, aren't they?
I don't know about standard but they are certainly common in cases
where said software has a large installed base and early disclosure of a
vulnerability would place them at risk
On Thu, Jun 26, 2014 at 8:03 AM, Andre Klapper aklap...@wikimedia.org
wrote:
On Thu, 2014-06-26 at 16:17 +0200, Bartosz Dziewoński wrote:
I feel like this would result in a ton of reports that say YOU CAN
DEFACE THE MAIN PAGE!!! which is editable, if not protected, because
it's a wiki.
On 26 June 2014 15:02, Jeremy Baron jer...@tuxmachine.com wrote:
On Jun 26, 2014 9:44 AM, MZMcBride z...@mzmcbride.com wrote:
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's values and
mission.
This isn't a
On 26-06-2014, Thu, at 17:37 +0300, Ariel T. Glenn wrote:
On 23-06-2014, Mon, at 20:56 +0300, Ariel T. Glenn wrote:
dumps.wikimedia.org, downloads.wikimedia.org will be down on Thursday
June 26 from 13.30 UTC until 14.30 UTC. While we expect the actual
Hello,
Earlier today I slightly changed how Jenkins runs the MediaWiki extension
job. Specifically the way the database is updated.
We used to simply:
php maintenance/update.php
I wanted to log the SQL queries being added to the database and the
script has a --schema option to do just that.
Marc A. Pelletier wrote:
On 06/26/2014 10:15 AM, David Gerard wrote:
NDAs for security bug access are pretty much standard, aren't they?
I don't know about standard but they are certainly common in cases
where said software has a large installed base and early disclosure of a
vulnerability would
On Thu, Jun 26, 2014 at 12:57 PM, MZMcBride z...@mzmcbride.com wrote:
Jeremy Baron wrote:
Maybe Max is unaware about
https://wikitech.wikimedia.org/wiki/Volunteer_NDA
Err, thanks for the link. As pointed out, that page is less than a week
old and had not been advertised or linked from
On 26/06/2014 21:51, Antoine Musso wrote:
Erik Bernhardson figured out a temporary workaround for Flow:
https://gerrit.wikimedia.org/r/#/c/142303/
The issue is tracked by https://bugzilla.wikimedia.org/67163
Hello,
I have commented out the update.php --schema call for now. Ie
As an update on the goals process for WMF engineering, we've begun
fleshing out the top priorities for the first quarter. Going
forward, we'll aim to call out the top priorities for each quarter as
we approach it, to create more shared visibility into the most urgent
and high-impact projects