Hi everyone,
We're planning to have our regular ArchCom-RFC IRC meeting in a couple of hours.
Phab event: https://phabricator.wikimedia.org/E198
Location: #wikimedia-office IRC channel
Meeting type: Problem definition
Time: 2016-06-01 Wednesday 21:00 UTC (2pm PDT, 23:00 CEST)
The experiment using Phab Conpherence rooms for public discussions continues with Phab:Z425. I will optimistically say this has not *yet* succeeded :-) [1]
The topic ArchCom agreed to focus on this week is Security. Here are a few candidate topics for us to discuss in today's meeting:
* T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki
* T75953: RFC: MediaWiki HTTPS policy
* T123753: Establish retrospective reports for #security and #performance incidents
Broadly speaking: the theme for today is "security is everyone's job". Really, it is. If you have +2 rights, and you *don't* think security is your job, please think about why you deserve to keep that right. We all have a responsibility to step up our game in this area. Let's use today's IRC meeting to figure out how we intend to step up.
Rob
[1] The thing that makes me optimistic about Conpherence is that it's a persistent log of a linear conversation that integrates well with the rest of Phabricator. The Z425 Conpherence: https://phabricator.wikimedia.org/Z425
More thoughts later here: https://www.mediawiki.org/wiki/User:RobLa-WMF/Conpherence, and the talk page there is a good place for off-thread replies.
On Wed, Jun 1, 2016 at 2:52 PM, Rob Lanphier robla@wikimedia.org wrote:
- T75953: RFC: MediaWiki HTTPS policy
I see that RFC hasn't had any interesting edits since December 2014. Since then I believe things have changed a fair bit, for example the move to HTTPS for all traffic in 2015,[1] so I wonder how much of the RFC is still accurate/relevant. Perhaps we'd rather remove the brittle parts of the existing code instead of adding even more configurability that we won't be using.
[1]: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
wikitech-l@lists.wikimedia.org