Phabricator/Security

Requirements
Tasks regarding sensitive topics need to be filed in Phabricator. Some of these are related to security bugs in Mediawiki, and some of these are related to general sensitive Operations work.

Preamble
Phabricator does not does not associate policy with any project labels implicitly. They have affirmed repeatedly upstream that to do so is not in their plan, and it is not intended functionality. The task centric interface means that policies are explicitly associated with tasks themselves. Each task has an "edit" and a "view" policy. The right to adjust policies on tasks is global. In order to grant that right it has to be granted for all tasks. Because the right to adjust task policy is global it has been limited to Security and Operations

All users are expected to have the ability to file tasks that require a high degree of discretion, but we cannot grant all users the right to adjust policy globally. In order to achieve this we have created an additional form selector on the task creation and edit interface. This 'Security' drop down allows users to select a transform on a task that appropriately adjusts the viewability/editability without needing global policy permission. This drop down is a transform which sets the appropriate policies, includes relevant projects, and sanitizes the issue if necessary to prevent further disclosure. At this time the transform is applied as a custom Herald action whenever an issue is saved from the edit interface. To allow for converting existing issues and filing new ones in a secure state the transform must be applied any time the drop down is active. The effect of this is that any time the drop down is active the basic policy template will be enforced. Changing the Security selector from 'Sensitive or Sensitive Bug' (where it would have been limited to a known good state for policy) to 'none' does not change the policy on the issue, but it does allow the policy on an issue to be changed. If the determination is made by Security that additional resources are needed after initial filing this is simple to adjust to allow specific groups or users within Phabricator.

Understanding 'Security' Field Transforms
- applies no transform preserving the existing policy, project, and other metadata properties of a task.

- Ensures the Security project is included, enforces the Security project + author policy for edit and view policy.

- Ensures the Security project is included, enforces the Security project for edit and view policy.