Last modified: 2014-10-15 23:22:36 UTC
Can someone please double-check that the behavior of security@mediawiki.org is the same as the behavior of security@wikimedia.org? There's been a suggestion that the former (@mediawiki.org) routes e-mail to OTRS while the latter (@wikimedia.org) routes e-mails to the relevant individuals. The two should be functionally equivalent.
As an OTRS admin I confirm this. The security@mediawiki.org address goes to the noc queue of OTRS, which Wikimedia (Technical) Staff a few others have access to. I think it would make sense if it went to the same place as security@wikimeida, wherever that place may be..
Assuming the volume isn't unreasonable, I'm fine having it go to the same list as security@wikimedia.org.
(In reply to comment #2) > Assuming the volume isn't unreasonable, I'm fine having it go to the same > list > as security@wikimedia.org. There seem to have been 3 legitimate emails sent to the address since it was created, so it seems low traffic. Of course there is spam too. I can't give you any numbers on how much spam is sent to the address as it isn't preserved in the system.
Ryan, is this something you can take care of (having the mails sent to security@wm.o)? Or does it need to be handled by ops?
Ops would need to re-target the address if they want to use it. We can not have it hit the OTRS system and then be automatically cycled back out to an external address (via forward or anything). We'd have to literally forward each message out individually as they come in. To fix this, ops will need to do whatever they do to take ownership of the @mediawiki.org address and re-divert it away from OTRS. If we disable ('invalidate') the address within OTRS itself, that won't do anything but confuse the software - we'll still get the messages via OTRS (they just won't be properly queued) until the address is re-diverted.
Daniel, do you know the right ops person to make this happen? It would be really helpful.
Filed RT #8655 for this.
Ryan also pointed out that security@wikipedia.org is an OTRS address, so I included that in the RT ticket as well.
Fixed by Daniel, thanks!