Wikimedia Security Team/Security Review Planning/2022-04-05

Minutes for the Security Team's Q4 2022 (April to June) quarterly planning session

Attending: MStyles, SBassett, MMartorana

Completed Reviews, Previous Quarter

1. Abs Wiki Function Orchestrator (Mstyles) (https://phabricator.wikimedia.org/T289322#7621518)
2. Developer Portal static site tools (Mstyles) (https://phabricator.wikimedia.org/T297167#7776403)
3. Abs Wiki WikiLambda Extension (MMartorana) (https://phabricator.wikimedia.org/T289322#7623085)
4. WikiSEO Extension (MMartorana) (https://phabricator.wikimedia.org/T295065#7825096)
5. Abs Wiki Function Evaluator (SBassett) (https://phabricator.wikimedia.org/T289322#7684639)
6. Wikipedia Birthday Buddies JS lib (SBassett) (https://phabricator.wikimedia.org/T297816#7621649)
7. Re-review of IP Info (SBassett) (https://phabricator.wikimedia.org/T260822#7754242)

Reviews That Need Follow-Up This Quarter

1. Trusted GitLab Runners (likely out of scope) (https://phabricator.wikimedia.org/T304514)
2. OIT LDAP (verify takedown at end of quarter) (https://phabricator.wikimedia.org/T155537)
3. Wikispeech (re-evaluation and re-prioritization) (https://phabricator.wikimedia.org/T180021)

Accepted Reviews To Complete This Quarter

1. Wikistories extension (SBassett) (https://phabricator.wikimedia.org/T301389)
2. Abs Wiki Function Schemata (SBassett) (https://phabricator.wikimedia.org/T302472)
3. Codex component library (MMartorana)(https://phabricator.wikimedia.org/T302772)
4. Image Suggestions Service (MMartorana) (https://phabricator.wikimedia.org/T304885)
5. SimilarUsers extension (Mstyles) (https://phabricator.wikimedia.org/T304631)
6. Campaigns Registration System (Mstyles) (https://phabricator.wikimedia.org/T290248)

Updates Made For Other Review Tasks

1. Mailman3 (still a soft decline, vendor?) (https://phabricator.wikimedia.org/T289899#7403112)
2. Design of Toolforge Kubernetes (officially declined, pentest of wmcs) (https://phabricator.wikimedia.org/T245205)