On Fri, Jun 27, 2014 at 9:06 AM, Antoine Musso hashar+...@free.fr wrote:
Doesn't WMF have a plan to provide badges in MediaWiki itself? Kind of
Wikiloves which let you distribute barn pages on talk pages but a bit
more robust?
Well we made an OpenBadges extension for Facebook OpenAcademy, but
On 26/06/2014 17:03, Andre Klapper wrote:
I have seen several 'bug reports' in Mozilla Bugzilla by 'security
researchers' about source code of projects being exposed on Mozilla's
servers. Clearly a security breach. What does FOSS stand for?
So it boils down to how to keep clueless people
On 26/06/2014 01:28, Tyler Romeo wrote:
snip
Therefore, I thought it may be beneficial to take that over to Wikipedia and
start our own bug bounty program. Most likely, it would be strictly a hall of
fame like structure where people would be recognized for submitting bug
reports (maybe
On Fri, 2014-06-27 at 15:06 +0200, Antoine Musso wrote:
I would like us to have our own instance of Google Code-in to list tasks
that could be fulfilled by volunteers. Kind of the +easy bugs we have
in Bugzilla but with a nicer interface that only has those tasks.
it.
--
Tyler Romeo
0xC86B42DF
From: Brian Wolff bawo...@gmail.com
Reply: Wikimedia developers wikitech-l@lists.wikimedia.org
Date: June 26, 2014 at 0:34:54
To: Wikimedia developers wikitech-l@lists.wikimedia.org
Subject: Re: [Wikitech-l] MediaWiki Bug Bounty Program
On 6/26/14, Chris Steipp
Tyler Romeo wrote:
OK, so really the process that we need here is:
1) Get more people on the security team via NDA and whatnot (sign me up,
by the way, obviously)
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's
On Thu, Jun 26, 2014 at 12:33 AM, Brian Wolff bawo...@gmail.com wrote:
What I mean by that is that being a
WMF employee/contractor wouldn't get you any special treatment -
trusted people would get special access where needed because they're
trusted and have demonstrated their competence. A
On Jun 26, 2014 9:44 AM, MZMcBride z...@mzmcbride.com wrote:
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's values and mission.
This isn't a cult. Our bedrock principles are open access and
transparency.
To
To: Wikimedia developers wikitech-l@lists.wikimedia.org
Subject: Re: [Wikitech-l] MediaWiki Bug Bounty Program
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's values and mission.
This isn't a cult. Our bedrock principles
As a third-party user: I completely concur. NDAs for security bug
access are pretty much standard, aren't they?
- d.
On 26 June 2014 15:08, Tyler Romeo tylerro...@gmail.com wrote:
I’ll be frank. I care a lot more about the security of MediaWiki as a
software product, as well as the
I feel like this would result in a ton of reports that say YOU CAN DEFACE THE MAIN
PAGE!!! which is editable, if not protected, because it's a wiki.
--
Matma Rex
A general and boring explanation on how access restrictions are
handled/configured in Bugzilla currently. No opinions involved.
On Wed, 2014-06-25 at 21:18 -0700, Chris Steipp wrote:
There are a few cases where there may be legitimate private data in a
security bug (look, sql injection, and
On Thu, 2014-06-26 at 16:17 +0200, Bartosz Dziewoński wrote:
I feel like this would result in a ton of reports that say YOU CAN
DEFACE THE MAIN PAGE!!! which is editable, if not protected, because
it's a wiki.
This.
I have seen several 'bug reports' in Mozilla Bugzilla by 'security
On 06/26/2014 10:15 AM, David Gerard wrote:
NDAs for security bug
access are pretty much standard, aren't they?
I don't know about standard but they are certainly common in cases
where said software has a large installed base and early disclosure of a
vulnerability would place them at risk
On Thu, Jun 26, 2014 at 8:03 AM, Andre Klapper aklap...@wikimedia.org
wrote:
On Thu, 2014-06-26 at 16:17 +0200, Bartosz Dziewoński wrote:
I feel like this would result in a ton of reports that say YOU CAN
DEFACE THE MAIN PAGE!!! which is editable, if not protected, because
it's a wiki.
On 26 June 2014 15:02, Jeremy Baron jer...@tuxmachine.com wrote:
On Jun 26, 2014 9:44 AM, MZMcBride z...@mzmcbride.com wrote:
Any process that involves volunteers signing non-public, indefinite vows
of secrecy and silence is antithetical to Wikimedia's values and
mission.
This isn't a
Marc A. Pelletier wrote:
On 06/26/2014 10:15 AM, David Gerard wrote:
NDAs for security bug access are pretty much standard, aren't they?
I don't know about standard but they are certainly common in cases
where said software has a large installed base and early disclosure of a
vulnerability would
On Thu, Jun 26, 2014 at 12:57 PM, MZMcBride z...@mzmcbride.com wrote:
Jeremy Baron wrote:
Maybe Max is unaware about
https://wikitech.wikimedia.org/wiki/Volunteer_NDA
Err, thanks for the link. As pointed out, that page is less than a week
old and had not been advertised or linked from
Hey everybody,
So today at the iSEC Partners security open forum I heard a talk from Zane
Lackey, the former security lead for Etsy, concerning the effectiveness of
bug bounties.
He made two points:
1) Bug bounties are unlikely to cause harm, especially for Wikipedia, which I
asked him about,
On Wed, Jun 25, 2014 at 4:28 PM, Tyler Romeo tylerro...@gmail.com wrote:
Therefore, I thought it may be beneficial to take that over to Wikipedia
and start our own bug bounty program. Most likely, it would be strictly a
hall of fame like structure where people would be recognized for
On Wed, Jun 25, 2014 at 4:28 PM, Tyler Romeo tylerro...@gmail.com wrote:
Hey everybody,
So today at the iSEC Partners security open forum I heard a talk from Zane
Lackey, the former security lead for Etsy, concerning the effectiveness of
bug bounties.
He made two points:
1) Bug bounties
Chris, why don't we leave privacy policy compliance to the users posting on
the bug? Wikimedia personal user data shouldn't be going to the security
product.
Why does WMF get the right to control by access to MediaWiki security bugs
anyway? Could we not simply host MediaWiki stuff externally?
On Wed, Jun 25, 2014 at 5:49 PM, Alex Monk kren...@gmail.com wrote:
Chris, why don't we leave privacy policy compliance to the users posting on
the bug? Wikimedia personal user data shouldn't be going to the security
product.
There are a few cases where there may be legitimate private data in
On 6/26/14, Chris Steipp cste...@wikimedia.org wrote:
On Wed, Jun 25, 2014 at 5:49 PM, Alex Monk kren...@gmail.com wrote:
Chris, why don't we leave privacy policy compliance to the users posting on
the bug? Wikimedia personal user data shouldn't be going to the security
product.
There are a