
Rewrite Security.md
Closed, Resolved (Public)

Description

Because we no longer use Toolforge, much of security.md is no longer valid. I (or someone else) need to look at the file and determine all that needs to be updated.

Details

Security
None

Event Timeline

I've had a look and the following things need to be changed:

  • The email should be the new one rather than tools.zppixbot[at]tools.wmflabs.org
  • "Cloud Services services" -> "Miraheze bots services"
  • "Wikimedia Cloud Services Terms of Use" -> "Miraheze's Terms of Use (LINK?)"
  • "Since access to this information is fundamental to the operation of Wikimedia Cloud Services, these terms regarding use of your data expressly override the Wikimedia Foundation's Privacy Policy as it relates to the use and access of your personal information." -> Not sure about that for us, we'd need to have a look at that

I've had a look and the following things need to be changed:

  • The email should be the new one rather than tools.zppixbot[at]tools.wmflabs.org

Yep

  • "Cloud Services services" -> "Miraheze bots services"

+1

  • "Wikimedia Cloud Services Terms of Use" -> "Miraheze's Terms of Use (LINK?)"

https://bots.miraheze.wiki/terms.html

  • "Since access to this information is fundamental to the operation of Wikimedia Cloud Services, these terms regarding use of your data expressly override the Wikimedia Foundation's Privacy Policy as it relates to the use and access of your personal information." -> Not sure about that for us, we'd need to have a look at that

Can be scrapped

To report a Security Vulnerability or issue, we ask that you please email any applicable information to: bots[at]miraheze.org.

Please note that by doing this you agree to disclose your email address, and/or any information provided in the email header.

At a minimum, we ask that you provide context to the finding of the vulnerability/issue, steps to recreate the vulnerability/issue, and, if you have one, a potential solution.

Please do note every effort will be made to respect your privacy; however, please do note the following:

By using this project or contacting us, you agree that your details can be used in accordance with our Privacy Policy

I'd be happy to take/claim this task. I assume I'd just initiate a pull request for security.md, propose the changes, and then propose it for merging, at which point anyone would just (a) make further changes (more likely) or (b) approve it without further amendment (less likely)?

In T16#518, @Dmehus wrote:

I'd be happy to take/claim this task. I assume I'd just initiate a pull request for security.md, propose the changes, and then propose it for merging, at which point anyone would just (a) make further changes (more likely) or (b) approve it without further amendment (less likely)?

Yeah, feel free to claim the task. Please do it to the 'dev' branch rather than master and we'll handle cherry picking and merging everything to master and everywhere else active.

There's a short example/draft above in a comment from me that gets rid of the worst of the WMCS nonsense.

MacFan4000 lowered the priority of this task from 80 to High. Sep 28 2020, 5:06 PM

Backporting to other branches not much use now we are a package