The Signpost

Victoria Coleman, the new chief technology officer, will be vital to the Foundation's performance
WMF trustee Kelly Battles
Related articles
2009 licensing

License update, Google Translate, GLAM conference, Paid editing
15 June 2009

Licensing vote results announced, resolution passed
25 May 2009

Licensing vote begins
13 April 2009

Community weighs license update
30 March 2009

License update, Commons cartoons, films milestone, and more
16 March 2009

News and notes: Elections, licensing update, and more
8 February 2009

GFDL 1.3 released, will allow Wikimedia migration to Creative Commons license
17 November 2008

More articles

+ Add a comment

Discuss this story

In the "prompted an extended response from Maher". I can't seem to find any actual answer to the question asked, so I will ask it again here (paraphrased from the mailing list question):

It is well documented that Coleman's former government employers worked to introduce and/or keep open security vulnerabilities in a wide range of systems and software. Can we please have a clear statement that if she knows about or finds out about any vulnerabilities and vectors that can be used to attack MediaWiki she will share them with our developers so that they can be fixed? --Guy Macon (talk) 13:04, 4 November 2016 (UTC)[reply]

Hi @Guy Macon:, I thought I was clear: "We will work closely together in defending and strengthening the privacy and security of our platforms for our users." But I'll get more explicit: Failing to disclose and address a vulnerability/vector in any part of our platform would be unacceptable, whether it was for the purpose of facilitating exploitation or otherwise. The WMF security team addresses critical vulnerabilities as soon as they are identified, regardless of who identifies them. It is at the discretion of the security team to determine whether the exploit is critical and should be addressed before disclosure, or whether it can be safely disclosed and addressed. The security and integrity of our systems, and the security and privacy of Wikimedia's users, are paramount. Katherine (WMF) (talk) 00:19, 5 November 2016 (UTC)[reply]
That's good enough for me. Thanks for the clarification. --Guy Macon (talk) 06:21, 5 November 2016 (UTC)[reply]


Will be missed. Peter Damian (talk) 10:16, 5 November 2016 (UTC)[reply]

We need a strong an critical press. Andreas provided a great service to the movement during his time here. Sad to see him moving on. Doc James (talk · contribs · email) 17:12, 5 November 2016 (UTC)[reply]


The Signpost · written by many · served by Sinepost V0.9 · 🄯 CC-BY-SA 4.0