Wikimedia Security Team/Security Review Scrum/2019-07-16

Date/time: July 16th, 2019 - 10:00 AM PDT

Attending: Scott, Jennifer

Updates:

Backlog


 * John to explore funding of 3rd party audits this quarter stalled - https://phabricator.wikimedia.org/T155537, https://phabricator.wikimedia.org/T156960 , https://phabricator.wikimedia.org/T148246 , https://phabricator.wikimedia.org/T187846
 * Concept Review for the machine vision, new, to be assigned - https://phabricator.wikimedia.org/T227591
 * Parsoid-PHP, new, not quite ready for review, to be assigned - https://phabricator.wikimedia.org/T227209

Active


 * Page Content Service route /page/mobile-html, started - https://phabricator.wikimedia.org/T227114
 * Security review of WebAuthn library dependancies, started - https://phabricator.wikimedia.org/T227244
 * Doublewiki (old), started - https://phabricator.wikimedia.org/T131199
 * Sec review of steward userJS, started - https://phabricator.wikimedia.org/T227221
 * CentralNotice Code Review request, assigned to Sam starting - https://phabricator.wikimedia.org/T226963
 * Planet wikimedia - assigned to Michal Anna, stalled - https://phabricator.wikimedia.org/T207246

Waiting


 * John and Scott to follow up with Raz re: risk ownership in-progress - https://phabricator.wikimedia.org/T216419
 * Labs db/sanitarium and maintain-views.yaml audits - transition to James F for review in-progress - https://phabricator.wikimedia.org/T169097, https://phabricator.wikimedia.org/T103011

Frozen (delayed indefinitely)


 * Waiting on update from Yurik/Vega folks (upstream) to proceed stalled - https://phabricator.wikimedia.org/T222806
 * Audiences user-testing concept review, stalled - https://phabricator.wikimedia.org/T220043
 * Audiences growth team emails concept review, stalled - https://phabricator.wikimedia.org/T220242
 * PageForms review from a long time ago, will post closure note next week, stalled - https://phabricator.wikimedia.org/T149869