On Fri, May 30, 2014 at 3:56 PM, Bryan Davis <bd...@wikimedia.org> wrote:
>
> There is still some ongoing internal discussion about the best way to
> verify that included libraries are needed and that security patches
> are watched for and applied from upstream. Chris Steipp is awesome,
> but it would be quite an additional burden to hang these thousands of
> new lines of code around his neck as yet another burden to bear. One
> current theory is that need should be determined by the RFC process
> and security support would need to be provided by a "sponsor" of the
> library.
>

As long as those libraries are installed via Composer, and well-maintained, something like VersionEye <https://www.versioneye.com/> could take on a big part of that burden.