Wikimedia Security Team/Security Review Scrum/2019-08-27

Date/time: August 27th, 2019 - 10:00 AM PDT

Attending: Scott, Jennifer, Sam, Michal Anna

Backlog


 * Security Review for MediaWiki REST API, assigned to Sam, https://phabricator.wikimedia.org/T230140
 * John to explore funding of 3rd party audits this quarter, stalled - https://phabricator.wikimedia.org/T155537, https://phabricator.wikimedia.org/T156960 , https://phabricator.wikimedia.org/T148246 , https://phabricator.wikimedia.org/T187846

Active


 * Security review of Ex:DoubleWiki, in-progress - https://phabricator.wikimedia.org/T131199
 * Parsoid-PHP, moved to active, additional review by Sam, in-progress - https://phabricator.wikimedia.org/T227209
 * Security review of preact 8.4.2, Scott did a very simple assessment, unassigned, stalled https://phabricator.wikimedia.org/T227726
 * Page Content Service route /page/mobile-html, starting - https://phabricator.wikimedia.org/T227114
 * Security review of WebAuthn library dependancies, in-progress - https://phabricator.wikimedia.org/T227244
 * Planet wikimedia - assigned to Michal Anna, stalled - https://phabricator.wikimedia.org/T207246

Waiting


 * Labs db/sanitarium and maintain-views.yaml audits, assigned to James F, stalled - https://phabricator.wikimedia.org/T169097, https://phabricator.wikimedia.org/T103011

Frozen (delayed indefinitely)


 * Audiences growth team emails concept review, stalled - Jen will contact to close - https://phabricator.wikimedia.org/T220242
 * Banner preview, stalled - https://phabricator.wikimedia.org/T230176

Closing Soon / Closed


 * Doublewiki (old), Scott to resolve this week, in-progress - can Jen contact to close? - https://phabricator.wikimedia.org/T131199