[Labs-l] [Labs-announce] [notice] DB replicas user_properties view redaction
Dan Andreescu
dandreescu at wikimedia.org
Tue Nov 29 16:12:24 UTC 2016
>
> On review, these properties have been deemed sensitive by our security
> folks:
>
> user_properties: language, skin, timecorrection, varient
>
>
> Perhaps "our security folk" should make up their mind?
>
> That list was specifically approved by legal as okay. See
> https://phabricator.wikimedia.org/T66115 and the (long, involved) prior
> discussion leading to it at bz 58196 (did we keep an archive of those)?
>
Just like code can be rewritten to be better or solve bugs, so should
security policy be updated if new vulnerabilities are found. I applaud our
security team for re-visiting decisions. Security is neither easy nor
static.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20161129/5a1a9754/attachment.html>
More information about the Labs-l
mailing list