https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #6 from Chris Steipp <[email protected]> ---
(In reply to Jeroen De Dauw from comment #5)
> Given that, I'm not sure it makes sense to do a real security review of
> these components. Is WMF doing security reviews of other tools it uses, such
> as Lucene? Of course it's always better to do a review than not, yet there
> are limited resources. So does it really make sense to spend them on this?

For code included in MediaWiki, we do. Lucene we can segment on a different
server / network, so the attack surface and risk from exploitation is lower.
That being said, I did review several pieces of our Hadoop infrastructure, and
we generally want to make sure the organizations backing the components we use
have security programs.
