Wikimedia Security Team/Documentation/cleanup notes

From mediawiki.org

Thoughts/Notes/Reference[edit]

some notes https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Index :)

wiki/security as a portal (https://wikitech.wikimedia.org/wiki/Portal:Wikitech ) rather than foo/bar/baz? https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Maintenance reference No portal namespace on mw.o !! So yes just a portal-esque design at /wiki/Security

https://infosec.mozilla.org/ https://www.mozilla.org/en-US/security/

Need to annotate 'policy' vs Policy (security policy ala official template and process https://meta.wikimedia.org/wiki/Category:Policies_maintained_by_the_Wikimedia_Foundation

mw main landing page must acknowledge more than mw scope mw could use an almost sub-portal for training/documentation/guides/best practices not speciffially WMF or WMF process related

meta page on the what/why/where of docs and flow

mw landing page/portal more than mw is reall life, palpable?

When to mark things as

or

or ... -- https://www.mediawiki.org/wiki/Documentation/Style_guide/templates#Fixme_Historical_Outdated_Update

Or soft-redirect? https://www.mediawiki.org/wiki/Template:Soft_redirect -- similar result to https://www.mediawiki.org/wiki/Template:Archived_extension

Add a "See also" section to main Security pages on each wikis that interlinks the various landing pages (policies are over here, SOP, here, team, here, etc.)

Keep in mind which pages really must be translatable.

don't move pages with subpages without magic (especially translated subpages)

edit summaries to be friendly on mw

Mediawiki.org[edit]

Create

https://www.mediawiki.org/wiki/security/docs https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Draft https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Proposals https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Proposals/Archived https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Policy https://www.mediawiki.org/wiki/Security/Policy

Keep

https://www.mediawiki.org/wiki/Wikimedia_Technology/Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management/CDP_Budget_Segment_2/Goals#Status_2 https://www.mediawiki.org/wiki/Security_for_developers (link from https://www.mediawiki.org/wiki/Security/Policy ) https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Thanks

Keep and Move

https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Password_strengthening_2019 => https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Proposals https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Policy/Proposed => https://www.mediawiki.org/wiki/Security/Policy/Proposed

Keep and Edit

https://www.mediawiki.org/wiki/Wikimedia_Security_Team https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Volunteers https://www.mediawiki.org/wiki/Security https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Policy/Access_to_security_issues (convert to https://office.wikimedia.org/wiki/Security_SOP_Template )

Redirect

https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Standard_Operating_Procedure/ => https://www.mediawiki.org/wiki/Security/SOP https://www.mediawiki.org/wiki/Reporting_security_bugs => https://www.mediawiki.org/wiki/Security/reporting_bugs

Move & Edit

https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Training (also see https://www.mediawiki.org/wiki/Security_for_developers ) https://www.mediawiki.org/wiki/Phan-taint-check-plugin

REDIRECT soft / hard or mark

etc

https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Privacy_roadmap https://www.mediawiki.org/wiki/Wikimedia_Security_Team/ApplicationScanning https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Vulnerability_scanning https://www.mediawiki.org/wiki/Security_auditing_and_response https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Roadmap https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Goals_201516 https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Goals_2016-2017 https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_review_template https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Password_strengthening_2019 -- maybe not this https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews/What_we_are_looking_for https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Metrics https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_for_libraries https://www.mediawiki.org/wiki/Does_my_application_need_a_security_review https://www.mediawiki.org/wiki/Wikimedia_Security_Team/WMF_Engineering_risk_assessment

office.wikimedia.org[edit]

Create

https://office.wikimedia.org/wiki/Security https://office.wikimedia.org/wiki/Security/Policy https://office.wikimedia.org/wiki/Security/Policy/Draft https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding

Keep

https://office.wikimedia.org/wiki/Wikimedia_Security_Team/investigating_incidents https://office.wikimedia.org/wiki/Wikimedia_Security_Team/AWS_EC2_instance_(Kali) (link back to team page) https://office.wikimedia.org/wiki/Office_IT/Information_Security (link from w/security https://office.wikimedia.org/wiki/Security_Cameras (link from w/security) https://office.wikimedia.org/wiki/Privacy_breach_protocols (link from w/security) https://office.wikimedia.org/wiki/Privacy_by_Design_Policy (link from w/sec) https://office.wikimedia.org/wiki/Data_access_guidelines (link from w/sec)

Keep and Move

https://office.wikimedia.org/wiki/Security_Basics => https://office.wikimedia.org/wiki/Security/Training/Basics https://office.wikimedia.org/wiki/Security_Policies/Password_Policy => https://office.wikimedia.org/wiki/Security/Policy/Password_Policy (make a redirect to canonical?) https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Incident_Response => => https://office.wikimedia.org/wiki/Security/Policy/Draft/Incident_Response https://office.wikimedia.org/wiki/Security_Policies/Data_Classification => https://office.wikimedia.org/wiki/Security/Policy/Data_Classification https://office.wikimedia.org/wiki/Security_Policies/Risk_Management => https://office.wikimedia.org/wiki/Security/Policy/Risk_Management https://office.wikimedia.org/wiki/Security_Policies/Supplier_Security_Addendum => https://office.wikimedia.org/wiki/Security/Policy/Draft/Supplier_Security_Addendum https://office.wikimedia.org/wiki/Security_Policies/Vulnerability_Matrix => https://office.wikimedia.org/wiki/Security/Policy/Draft/Vulnerability_Matrix https://office.wikimedia.org/wiki/Security_Strategy_2019 => https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Strategy_2019 (link back to team page) https://office.wikimedia.org/wiki/Security_Policy_template => https://office.wikimedia.org/wiki/Security/Templates/Policy https://office.wikimedia.org/wiki/Security_SOP_Template => https://office.wikimedia.org/wiki/Security/Templates/SOP https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding_David_Sharpe => https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding/David_Sharpe https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding_David_Sharpe/sessions => https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding/David_Sharpe/Sessions https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding_Michal_Anna => https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding/Michal_Anna


Keep and Edit

https://office.wikimedia.org/wiki/Wikimedia_Security_Team (header points to mw and below content is office private ONLY) https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Onboarding (remove draft)

Redirect

https://office.wikimedia.org/wiki/Security_Policies => https://office.wikimedia.org/wiki/Security/Policy

Move & Edit


REDIRECT soft / hard or mark

etc

https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Cloud_VPS_instance_(adhoc-utils01.security-tools) https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Index https://office.wikimedia.org/wiki/Wikimedia_Security_Team/Service:_Security_Reviews https://office.wikimedia.org/wiki/Office_IT/Security_Review_2016 https://office.wikimedia.org/wiki/SIEM_Evaluation_Project


wikitech.wikimedia.org[edit]

Create https://wikitech.wikimedia.org/wiki/Security/ Nope, per trailing slash discussion

Keep

https://wikitech.wikimedia.org/wiki/Security_update https://wikitech.wikimedia.org/wiki/How_to_perform_security_fixes

Keep and Move Keep and Edit

https://wikitech.wikimedia.org/wiki/Security or redirect to portal? https://wikitech.wikimedia.org/wiki/Nova_Resource:Security-tools (ref from main portal)

REDIRECT soft / hard or mark

etc

Move & Edit Remove / Archive


meta.wikimedia.org[edit]

Create https://meta.wikimedia.org/wiki/Security/

Keep

https://meta.wikimedia.org/wiki/Wikimedia_Foundation_v._National_Security_Agency/FAQ (from landing)

Keep and Move

https://meta.wikimedia.org/wiki/Password_policy -- should be on foundation.wm.o and translated ala privacy policy? /wiki/security/policy/password

Keep and Edit

https://meta.wikimedia.org/wiki/Security ...keep but kill redirect, make portal or landing page

Redirect Move & Edit

REDIRECT soft / hard or mark

etc