https://bugzilla.wikimedia.org/show_bug.cgi?id=67533
--- Comment #5 from Jeroen De Dauw <jeroen_ded...@yahoo.com> --- The MediaWiki code is not reusable - it's bound to the rest of the MediaWiki framework. Both the code itself and the things it's bound to have serious design issues, little test coverage and low quality overall. Those issues are not present in Doctrine DBAL or Symfony Console. Furthermore, both these components are relied on by literally thousands of others, including some of the most popular tools and frameworks in the PHP world. This means that their code is looked at by more developers, and used by more users, then the equivalent MediaWiki code. Given that, I'm not sure it makes sense to do a real security review of these components. Is WMF doing security reviews of other tools it uses, such as Lucene? Of course it's always better to do a review then not, yet there are limited resources. So does it really make sense to spend them on this? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l