https://bugzilla.wikimedia.org/show_bug.cgi?id=67533

--- Comment #7 from Nik Everett <neverett+bugzi...@wikimedia.org> ---
(In reply to Chris Steipp from comment #6)
> (In reply to Jeroen De Dauw from comment #5)
> > Given that, I'm not sure it makes sense to do a real security review of
> > these components. Is WMF doing security reviews of other tools it uses, such
> > as Lucene? Of course it's always better to do a review than not, yet there
> > are limited resources. So does it really make sense to spend them on this?
> 
> For code included in MediaWiki, we do. Lucene we can segment on a different
> server / network, so the attack surface and risk from exploitation is lower.
> That being said, I did review several pieces of our Hadoop infrastructure,
> and we generally want to make sure the organizations backing the components
> we use have security programs.

I just had this conversation with Daniel and Katie.  My take is that we're
extra super paranoid about PHP code that runs in MediaWiki.  We're less
paranoid about other code more out of habit and bandwidth issues than any other
reason.  I'm of the opinion that the foundation has a right to be as paranoid
about code running on the cluster as it pleases.  Personally, I think that if
we sat down and thought really hard about how paranoid we should be we'd either
continue doing exactly what we do now or hire another Chris or two and be more
paranoid.
Regardless, I'm pretty sure we're not going to change our minds about security
review by debating in a bug.  So the issue stands - this pulls in a few
external libraries that would also require review.  Our options are to review
them, make them optional and not use them on the cluster, or rip them out
entirely.  If there are more options please reply with them.

I think we've talked on other bugs (ping bd808) about symfony console so it
might be worth reviewing it and using it in more places.  Doctrine DBAL I'm
personally less excited about because I'm prejudiced against DB abstraction
layers.  I hate the one in MediaWiki.  I hate Hibernate.  I loathe JPA.  JPQL is
evil.  I could go on but I don't want to relive the horrors.

-- 
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l