On 21/02/13 10:18, Denny Vrandečić wrote:
> After evaluating different options, we want to use for generating
> Wikidata's RDF export the EasyRDF library: <http://www.easyrdf.org/>
>
> We only need a part of it -- whatever deals with serializers. We do not
> need parsers, anything to do with SPARQL, etc.
>
> In order to minimize reviewing and potential security holes, is there an
> opinion on what is the better approach:
>
> * just use it as a dependency, review it all, and keep it up to date?
>
> * fork the library, cut out what we do not need, and keep up with work
> going on the main branch, backporting it, but reducing the used code size
> thus?
>
> How is this handled with other libraries, like Solarium, as a reference?
>
> Cheers,
> Denny

I would use it as a dependency, and avoid forking our own version from upstream. That said, not exposing the files to web requests is probably a good idea.