removed the administrator role from chasemp.
No progress on this in a while, I'm unclear on where this initiative stands?
Security-Team dropped the ball here on feedback. This is a bit of a one-off, and I'll feed it back into our queue so it gets attention, but I support @jaime and @Marostegui in their practicality. Thanks gents.
The question would be, are these packaged in debian?
I believe we bring PHP libraries into MediaWiki and extensions with composer.
We already use maxmind in production in a few places and have a subscription. The geoip2 lib for python seems in use, but I don't see the PHP libs.
@LSobanski not passing the buck I swear! @Dsharpe has been handling this as part of our Fusion Center function so I'll leave it to his process.
Might be a WONTFIX / declined nowadays... :-/
Seems addressed but cleanup remains? Downgrading priority to reflect for now if so. Secteam will also discuss in our weekly.
might be blocked due to past vandalism.
Yes, confirmed. This IP is in a range that is blocked by us. It comes from T218589 most likely. CC: @chasemp
why isn't there a... more informative error message
I filed T229620 for this a while ago.
I think this has been discussed and declined for now. We can always revisit whenever.
Stepping Security-Team back from this as our understanding is this is potentially indefinitely stalled, and we are trying to be diligent with containing our 'watching' elements.
Really, this involves refactoring the anti pattern reporting code first to make this a sane addition.
• chasemp renamed T248095: test for assigned but wrong projects from "test for assigned but wrong tasks" to "test for assigned but wrong projects".
• chasemp renamed T248095: test for assigned but wrong projects from "test for inprogress but unassigned reporting" to "test for assigned but wrong tasks".
• chasemp updated subscribers of T255571: removed.
Thank you @Majavah
Apologies @jcrespo and @herron for the lag here. I was away (thanks for updating the task @sbassett) and then this fell to the bottom of the pile due to fires forever and ever it feels like. I'll clean up, revisit, and add the tags as appropriate.
  sudo -u peek crontab -l
  # HEADER: This file was autogenerated at 2020-06-10 16:26:11 +0000 by puppet.
  # HEADER: While it can still be managed manually, it is definitely not recommended.
  # HEADER: Note particularly that the comments starting with 'Puppet Name' should
  # HEADER: not be deleted, as doing so could cause duplicate cron jobs.
  # Puppet Name: peek_monthly
  MAILTO=security-team@wikimedia.org
  0 0 1 * * . $HOME/.profile; /var/lib/peek/git/peek.py -c /etc/peek/config/base.conf,/etc/peek/config/monthly.conf -s > /dev/null
  # Puppet Name: peek_weekly
  MAILTO=security-team@wikimedia.org
  0 0 * * 1 . $HOME/.profile; /var/lib/peek/git/peek.py -c /etc/peek/config/base.conf,/etc/peek/config/weekly.conf -s > /dev/null
I talked with @JBennett about this today, he is going to reach out to @APalmer_WMF to discuss a bit.
@JBennett, @APalmer_WMF: Was there any outcome to share?
This test task has served its reporting purpose.
Thanks for disabling @jcrespo, sorry for the avalanche. Systemd timer seems like a sane idea.
@chasemp The VM has been created and I installed the OS and signed the puppet cert request. It is in site.pp with the "insetup" role. The initial puppet run is ongoing right now and I ran out of time. In a couple minutes you should be able to SSH to it. You can start creating your puppet role and applying it in site.pp
Creating VM peek2001.codfw.wmnet in cluster ganeti01.svc.codfw.wmnet with row=B vcpus=1 memory=2GB disk=20GB link=private. This may take a few minutes.
Ah, wait, so I was about to create it and already added peek2001.codfw.wmnet to DNS but then noticed it asks for external IP. So this really needs to be peek2001.wikimedia.org? (Why though?)
@chasemp I think it's a little overblown, but if it helps unblocking existing tests, feel free to go ahead. Our Ganeti capacity in eqiad is exceeded though, you'll have to wait until the new servers are fully set up or you can set up the instance as peek2001 (the DC shouldn't matter for your use case).
@MoritzMuehlenhoff could you revisit this when you have a minute? I'd like to get this off my plate and @wiki_willy and I were waiting on this to do some coordination.
Why does this need a complete VM, though? If this simply sends some notifications triggered by cron jobs, simply running them from mwmaint1002 seems fine? (Despite the mw-specific name, mwmaint1002 also hosts various other maintenance profiles (profile::mariadb::maintenance and profile::openldap::management))
• chasemp renamed T242285: Create status mechanism(s) for security-team@ combining Asana and Phab from "Create status mechanism for security-team@ combining Asana and Phab" to "Create status mechanism(s) for security-team@ combining Asana and Phab".
Jacob & Aeryn. I'm just subscribing you here to bypass the ACL so you'll have access to all relevant context across conversations.