[Bug 67533] security review of WikibaseQuery

2014-09-11 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
Chris Steipp changed:
What|Removed|Added
Blocks||67536

[Bug 67533] security review of WikibaseQuery

2014-08-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #8 from Jeroen De Dauw ---
> Regardless, I'm pretty sure we're not going to change our minds about
> security review by debating in a bug.
Not sure debate is happening. I never even asked to change the relevant policies, only that

[Bug 67533] security review of WikibaseQuery

2014-08-27 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #7 from Nik Everett ---
(In reply to Chris Steipp from comment #6)
> (In reply to Jeroen De Dauw from comment #5)
> > Given that, I'm not sure it makes sense to do a real security review of
> > these components. Is WMF doing securit

[Bug 67533] security review of WikibaseQuery

2014-08-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #6 from Chris Steipp ---
(In reply to Jeroen De Dauw from comment #5)
> Given that, I'm not sure it makes sense to do a real security review of
> these components. Is WMF doing security reviews of other tools it uses, such
> as Luce

[Bug 67533] security review of WikibaseQuery

2014-08-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #5 from Jeroen De Dauw ---
The MediaWiki code is not reusable - it's bound to the rest of the MediaWiki framework. Both the code itself and the things it's bound to have serious design issues, little test coverage and low quality ov

[Bug 67533] security review of WikibaseQuery

2014-08-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #4 from Chris Steipp ---
Hi guys, can you explain the reasoning for using Doctrine's DBAL and Symfony's console, instead of the standard MediaWiki classes? Reviewing those (~80 kloc) is going to take some time, and so far, I haven'

[Bug 67533] security review of WikibaseQuery

2014-07-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #3 from Sergey Vladimirov ---
Sorry, I didn't notice the limit in API declaration. In this case... well, it's just unusable from my point of view. But it is not a security concern, of course :-) I hope changed limit value can't be

[Bug 67533] security review of WikibaseQuery

2014-07-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #2 from Jeroen De Dauw ---
As far as I can tell, the offset parameter is limited to 50, and can thus not cause full index scans. Is that wrong? If we would want to allow further pagination, using a continuation parameter would inde

[Bug 67533] security review of WikibaseQuery

2014-07-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
Nik Everett changed:
What|Removed|Added
CC||neverett+bugzilla@wikimedia

[Bug 67533] security review of WikibaseQuery

2014-07-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
Sergey Vladimirov changed:
What|Removed|Added
CC||vlser...@gmail.com
--- Comment #1

[Bug 67533] security review of WikibaseQuery

2014-07-04 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
Lydia Pintscher changed:
What|Removed|Added
Priority|Unprioritized|Highest
Whiteboard|