Wikimedia Security Team/Security Review Scrum/2019-06-11

Date/time: June 11th, 2019 - 10:00 AM PST

Attending: Brian, Sam, Michal Anna, Scott, John

Updates:

Backlog
 * Brian still performing code review, this is a tracking ticket for follow-ups for library/vendor code, not started - https://phabricator.wikimedia.org/T223307
 * Exploring outsourced reviews for OIT things, rewrites, JB to follow up after new vendor budgets set stalled - https://phabricator.wikimedia.org/T155537, https://phabricator.wikimedia.org/T156960, https://phabricator.wikimedia.org/T148246, https://phabricator.wikimedia.org/T187846
 * DoubleWiki, Brian to deploy as sec release, then push through gerrit, stalled - https://phabricator.wikimedia.org/T131199

Active
 * Waiting on update from Yurik/Vega folks (upstream) to proceed stalled - https://phabricator.wikimedia.org/T222806
 * Scott to verify risk Google sheet, comment on task about trusa risk ownership, close task in-progress - https://phabricator.wikimedia.org/T221719
 * Leaving open for feedback, meeting w/ Subbu this week in-progress - https://phabricator.wikimedia.org/T221907
 * Basic analysis performed, Scott to dig a little deeper then resolve, in-progress - https://phabricator.wikimedia.org/T219831
 * Planet wikimedia - assigned to Michal Anna, stalled - https://phabricator.wikimedia.org/T207246
 * Wikisource ext, starting - https://phabricator.wikimedia.org/T217289
 * FormWizard extension, Brian to write response, tag releng stalled - https://phabricator.wikimedia.org/T201492

Waiting
 * Wikibase Termbox, completed for now, John to follow up with Raz re: risk ownership, in-progress - https://phabricator.wikimedia.org/T216419
 * Labs db/sanitarium and maintain-views.yaml audits, in-progress - https://phabricator.wikimedia.org/T169097, https://phabricator.wikimedia.org/T103011
 * Audiences user-testing concept review, stalled - https://phabricator.wikimedia.org/T220043
 * Audiences growth team emails concept review, stalled - https://phabricator.wikimedia.org/T220242