On Tue, Sep 29, 2015 at 10:56 PM, Quim Gil <qgil(a)wikimedia.org> wrote:
Hi, let me try to help with the tools I have at hand,
even if I understand
that that is not the whole picture or the whole solution.
On Wed, Sep 30, 2015 at 6:07 AM, Kevin Gorman <kgorman(a)gmail.com> wrote:
what are apparently serious enough security
problems (enough to call it a
'significant
attack vector')
Are these problems reported as tasks in Phabricator? If so, please share
the links here. If not, reporting them is the first step.
He was getting that from me. Yes, there are quite a few of them in
Phabricator plus lingering concerns because of previous issues that would
desire a more complete security review. I'm happy to share them with you
offlist tomorrow (they are all under security bugs and I would rather not
share them on a list this public).
I also just wanted to let people know that I'm still following this thread
and will respond more fully tomorrow (I apologize for less response today
then yesterday it's been a busy day with a couple fires to put out and I
have to go to a late night meeting in a couple minutes). For a quick
response to a couple of the previous emails however:
I don't have any magic powers to get resources (I don't have near enough
myself :-/ for the amount of work people want me to do) but I definitely
want to ensure that those using the extension continue to have options and
I know that Floor and others do too, this is in no way desired to be a
secret behind closed door decision on what to do in terms of
fixes/replacements etc. We're putting in these temp fixes because we
believe it's the best move right now (my understanding was that the likely
hood of fixing the holes or getting a replacement very quickly was small)
but it's certainly not the end of the discussion.
James Alexander
Manager
Trust & Safety
Wikimedia Foundation
(415) 839-6885 x6716 @jamesofur