This project is used for access control within S2. The members of this project have access to security-sensitive tasks.
Do NOT add unauthorized members! Only members belonging to the Technical Team are allowed access. If someone else needs access to a task, please add them as a subscriber.
This is the dump. Thanks in advance!{F1438957}
No one has made any progress on this, and I'm unsure what such action would look like to achieve a change which wouldn't result in the response of "they were locked unfairly" when the user themselves would communicate that they were locked anyway.
Best approach forwards; ALWAYS assume comments on Phabricator are public. Do not post sensitive information here.
@Zppix and this is a security-sensitive task because...?
(and what are the concrete actions here?)
yup! Let's make it a goal.
@Paladox Let's replace Salt with Cumin. Not necessarily because we can't secure Salt (as long as we don't open the ports to the internet anymore, we're fine), but since Cumin offers functionality we can benefit from. Goal for Q3/Q4?
Sorry, just SocialProfile left to audit
Closing then
Can this be made public now?
We've both blacklisted titleblacklistlog and disabled the functionality of the extension that generates those logs. For future reference, the wgTitleBlacklistLogHits seems to only log titleblacklist hits that prevent account creations, which reveals the IP address that attempted to create the account. This is somewhat of an edge case, but I do not believe we will need those logs for anything, nor do I believe anyone (without an NDA) should be able to access which logs that do exist (which should only be on test2wiki right now).
viewuserlang comes from WikimediaIncubator. From the looks of it, it looks safe to me.
Resolved with https://git.io/JJeFx