https://bugzilla.wikimedia.org/show_bug.cgi?id=66226
--- Comment #6 from Greg Grossmeier <[email protected]> --- (In reply to Quiddity from comment #2) > @Greg: Is this ready to go otherwise? (I'm guessing that it doesn't need a > separate security/performance review, as it's part of the existing deployed > extension?) There is a line that needs to be drawn in the proverbial sand: At what point does adding new features to an extension require a new security/perf review? I don't know the answer to that, and mostly go with my gut right now (you can usually get a pretty good idea from how people talk about the features etc). Can someone familiar with the code comment on the data flow for this? Where is it getting data from? How is it displaying it? Does it sanitize itself? How is the data modified? etc (In reply to Jared Zimmerman (WMF) from comment #5) > Also, can the preliminary security and performance review bugs be linked to > this one please. Agreed. Can the person who responds to my above question (Lydia? Tpt?) file the two bugs, please. Make them blockers of this bug. If they're (the reviews) easy/quick, that's even better. (In reply to Lydia Pintscher from comment #3) > Deployment to beta is waiting on the merge of two patches by Tpt. It is hard > to give a date for that atm but I will hurry it up. It needs to be on the beta cluster before it can go to production. We try to have it there for at least 1 week (7ish days) before. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
