Last modified: 2014-10-15 23:22:36 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T62246, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 60246 - security@mediawiki.org should work the same as security@wikimedia.org
security@mediawiki.org should work the same as security@wikimedia.org
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
wmf-deployment
All All
: Normal normal (vote)
: ---
Assigned To: Daniel Zahn
: ops
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-20 02:24 UTC by MZMcBride
Modified: 2014-10-15 23:22 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2014-01-20 02:24:50 UTC 
Can someone please double-check that the behavior of security@mediawiki.org is the same as the behavior of security@wikimedia.org? There's been a suggestion that the former (@mediawiki.org) routes e-mail to OTRS while the latter (@wikimedia.org) routes e-mails to the relevant individuals. The two should be functionally equivalent.
Comment 1 Ryan (Rjd0060) 2014-01-20 02:26:50 UTC 
As an OTRS admin I confirm this.  The security@mediawiki.org address goes to the noc queue of OTRS, which Wikimedia (Technical) Staff a few others have access to.  I think it would make sense if it went to the same place as security@wikimeida, wherever that place may be..
Comment 2 Chris Steipp 2014-01-21 19:25:10 UTC 
Assuming the volume isn't unreasonable, I'm fine having it go to the same list as security@wikimedia.org.
Comment 3 Ryan (Rjd0060) 2014-01-22 00:43:47 UTC 
(In reply to comment #2)
> Assuming the volume isn't unreasonable, I'm fine having it go to the same
> list
> as security@wikimedia.org.

There seem to have been 3 legitimate emails sent to the address since it was created, so it seems low traffic.  Of course there is spam too.  I can't give you any numbers on how much spam is sent to the address as it isn't preserved in the system.
Comment 4 Kunal Mehta (Legoktm) 2014-10-15 03:22:49 UTC 
Ryan, is this something you can take care of (having the mails sent to security@wm.o)? Or does it need to be handled by ops?
Comment 5 Ryan (Rjd0060) 2014-10-15 09:31:32 UTC 
Ops would need to re-target the address if they want to use it.  We can not have it hit the OTRS system and then be automatically cycled back out to an external address (via forward or anything).  We'd have to literally forward each message out individually as they come in.

To fix this, ops will need to do whatever they do to take ownership of the @mediawiki.org address and re-divert it away from OTRS.  If we disable ('invalidate') the address within OTRS itself, that won't do anything but confuse the software - we'll still get the messages via OTRS (they just won't be properly queued) until the address is re-diverted.
Comment 6 Chris Steipp 2014-10-15 12:28:42 UTC 
Daniel, do you know the right ops person to make this happen? It would be really helpful.
Comment 7 Kunal Mehta (Legoktm) 2014-10-15 21:23:09 UTC 
Filed RT #8655 for this.
Comment 8 Kunal Mehta (Legoktm) 2014-10-15 21:24:36 UTC 
Ryan also pointed out that security@wikipedia.org is an OTRS address, so I included that in the RT ticket as well.
Comment 9 Kunal Mehta (Legoktm) 2014-10-15 23:22:36 UTC 
Fixed by Daniel, thanks!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links