Topic on Talk:Security/SOP/Security Readiness Reviews

Jump to navigation Jump to search

Proposed updates to Purpose and Process sections

3
SBassett (WMF) (talkcontribs)

As discussed during our appsec scrum today, we should consider adding clarifications to this SOP:

  1. A new section within Purpose describing code states that we will not review including:
    1. Any variety of stub code - be it a mediawiki extension, service, etc. Boilerplate code is just that and cannot serve as a proxy for reviewing code that may one day exist.
    2. Any Work-In-Progress (WIP) patch sets, regardless of their state of completion. If the code is in a stable, testable state, it should be code-reviewed and merged.
    3. Any relevant patch sets which have not been code-reviewed and merged. Again, if the code is in a stable, testable state, it should be code-reviewed and merged. We may be willing to make exceptions to this policy if a code merge is blocked on another, key review (say from a member of the Performance Team or SRE) but it will be the responsibility of the requester to ask for such an exception from the Security Team and confirm the current state of the code.
  2. A new section within the Submission and Timelines subsection of the Process section:
    1. Add another IMPORTANT note under the first item stating that a commit hash or version tag MUST be specified for every repository branch.. If the code links are for patch sets on gerrit et al, then see guidelines above. I'm pretty sure this is a simplified statement of the solution that was eventually arrived at in the "Add a 'code freeze' or ready for deployment clause" topic on this page.
SBassett (WMF) (talkcontribs)

And perhaps an additional note about code either not intended to be deployed to wikimedia production (or very likely to not ever be deployed to wikimedia production) being de-prioritized in relation to code that definitely will. While we would love to security-review every bit of code within the wikimedia universe, it is often infeasible, and so prioritization must occur.

SBassett (WMF) (talkcontribs)