You can join us at 21:00 UTC (23:00 CEST, 2pm PDT)
in the #wikimedia-office channel on freenode.
- For security, we need better isolation of external binaries from MediaWiki.
- If we run MediaWiki itself under Kubernetes, the resulting container should be
as small as possible, so it should ideally exclude unnecessary binaries.
- It's difficult to deploy bleeding-edge versions of external binaries when they
necessarily share an OS with MediaWiki.
- Have a PHP microservice, accessible via HTTP, which takes POSTed inputs,
writes them to the container's filesystem as temporary files, runs a shell
command, and responds with gathered output files.
Tim has been working on this for a couple of weeks, and has been updating the
task in a steady monologue. Perhaps in the meeting today, we can get more eyes
on the nitty gritty of the proposal.
Principal Software Engineer, Core Platform
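
The flow proposed above (POSTed inputs written to temporary files, a command run, output files returned), as an added sketch that is not part of the original message and is not the project's code. The names `safeName` and `runIsolated`, the file-name rule and the sample `sort` command are assumptions. The command is passed as an argument array rather than a shell string, which needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);
// Added sketch with hypothetical names; not the project's code.

/** Accept only flat file names so a request cannot write outside its work dir. */
function safeName(string $name): string {
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/D', $name)) {
        throw new InvalidArgumentException("rejected file name: $name");
    }
    return $name;
}

// $inputs:  file name => contents, as received in the POST body
// $argv:    command as an argument array, so no shell parses request data
// $outputs: file names to return if the command created them
function runIsolated(array $inputs, array $argv, array $outputs): array {
    $dir = sys_get_temp_dir() . '/job-' . bin2hex(random_bytes(8));
    if (!mkdir($dir, 0700)) {
        throw new RuntimeException('cannot create work directory');
    }
    try {
        foreach ($inputs as $name => $data) {
            file_put_contents($dir . '/' . safeName((string)$name), $data);
        }
        // Capture stdout, discard stderr, run inside $dir with a minimal environment.
        $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
        $proc = proc_open($argv, $spec, $pipes, $dir, ['PATH' => '/usr/bin:/bin']);
        if (!is_resource($proc)) {
            throw new RuntimeException('cannot start command');
        }
        $stdout = stream_get_contents($pipes[1]);
        fclose($pipes[1]);
        $result = ['exitCode' => proc_close($proc), 'stdout' => $stdout, 'files' => []];
        foreach ($outputs as $name) {
            $path = $dir . '/' . safeName($name);
            // Skip symlinks so the command cannot make us return a file outside $dir.
            if (is_file($path) && !is_link($path)) {
                $result['files'][$name] = file_get_contents($path);
            }
        }
        return $result;
    } finally {
        // Flat files only in this sketch; subdirectories are not cleaned up.
        foreach (array_diff(scandir($dir), ['.', '..']) as $f) {
            @unlink("$dir/$f");
        }
        @rmdir($dir);
    }
}
// Constructed sample request: one input file, one expected output file.
$r = runIsolated(['in.txt' => "b\na\n"], ['sort', '-o', 'out.txt', 'in.txt'], ['out.txt']);
var_dump($r['exitCode'], $r['files']['out.txt'] ?? null);
```

In an HTTP front end, `$inputs` would come from the uploaded request parts and `$result` would be serialized into the response; the isolation itself comes from running this in a container separate from MediaWiki.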