Anything related to providing education and security best practice guidance/trainings to the Foundation and to the community.
This service adds Security-Team via H344
Anything related to providing education and security best practice guidance/trainings to the Foundation and to the community.
This service adds Security-Team via H344
Though this is for OAuthManageMyGrants so the query would have to be a join between consumers and grants tables and then a filesort on the grants of a single user. Probably still doable. Anyway, better discussed in its own task.
That seems easy to do - we have an application name / owner user ID / application version index. Not quite sure why it has the user ID in the middle, but there can't be that many entries for a single application so a filesort on that set should be fine.
It would already help if the list would be sorted ascending by name, and descending by version? Then the user can easily weed through the list, and remove any (for them) obsolete versions.
There isn't really a way to tell what is obsolete. Multiple versions can be in use at the same time, e.g. because the tool needed more permissions but wants to do as much as possible for users who haven't updated their permissions yet.
I was under the impression that the Application Security team had received a heads-up regarding the project. As for tags, this being my first time submitting any task on Phabricator, I was not aware of the importance of them in the first place. Now I do.
So, no, the assessment made before, when this tasked was closed, that this wasn't submitted to any team is incorrect
How is anyone on Phabricator supposed to know that? Not one tag was present on it and very little information was in the description.
Hi. I'm already in contact with the security team and have already received a Privacy Engineering review because I was told that this would be a necessary first step before getting an Application Security review. So, no, the assessment made before, when this tasked was closed, that this wasn't submitted to any team is incorrect. The team is aware of this incoming task.
@sbassett we have a pile of these without tasks, boards, or members. We're aware and incorporating into workflow changes / development. Expect a team review of it all...eventually.
This project is for tracking anything related to security awareness training. I'm not entirely sure how useful it is as a Phabricator project since, for now, most of this training is managed internally for Wikimedia Foundation staff. At some point this may become a larger offering to community members, etc. but we aren't quite there yet. Also - @chasemp left the Foundation a while ago and has not really been an active volunteer since.