https://bugzilla.wikimedia.org/show_bug.cgi?id=66226

Kunal Mehta (Legoktm) <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #7 from Kunal Mehta (Legoktm) <[email protected]> ---
(In reply to Greg Grossmeier from comment #6)
> (In reply to Quiddity from comment #2)
> > @Greg: Is this ready to go otherwise? (I'm guessing that it doesn't need a
> > separate security/performance review, as it's part of the existing deployed
> > extension?)
>
> There is a line that needs to be drawn in the proverbial sand:
>
> At what point does adding new features to an extension require a new
> security/perf review?
>
> I don't know the answer to that, and mostly go with my gut right now (you
> can usually get a pretty good idea from how people talk about the features
> etc).

Well, given that the actual code that generates these links was merged in
February (and already enabled on a WMF site), it's a bit late for a security
review. The amount of code added in If8706343136ca25c0967aad3a8451283330d636f
is extremely small compared to the size of the extension, and doesn't warrant a
specialized review IMO.

> Can someone familiar with the code comment on the data flow for this? Where
> is it getting data from? How is it displaying it? Does it sanitize itself?
> How is the data modified? etc

I don't understand why this is necessary? But, it gets the data from the
database, and formats it according to how the core hook wants it, which handles
the display part. This is all done in
Wikibase/client/includes/hooks/OtherProjectsSidebarGenerator.php.

> (In reply to Jared Zimmerman (WMF) from comment #5)
> > Also, can the preliminary security and performance review bugs be linked to
> > this one please.
>
> Agreed. Can the person who responds to my above question (Lydia? Tpt?) file
> the two bugs, please. Make them blockers of this bug. If they're (the
> reviews) easy/quick, that's even better.

As stated above, I don't think security/performance reviews are necessary.

HTH.
