> From: Tom Hutchison <[email protected]> > > ... this brings up a discussion about > Extensions flagged as a security risk and why the extension's code is > still available for download?
I've experienced the converse: an extension being removed because someone flagged it as a security risk, only because it COULD be used in an insecure fashion. By that test, LocalPreference.php should be flagged as a security risk. The end result is that an SQL access extension that I regularly use responsibly (editing limited to certain users, with page protection) is no longer receiving development support. Isn't it better to have a known risk exposed so that those who value the resource can fix it, than to ban it, so hapless prior users are still vulnerable? Flagging, good. Banning, bad. ---------------- :::: It is not possible to use enormous amounts of resources to address a resource shortage. -- Mike Ruppert :::: Jan Steinman, EcoReality Co-op :::: _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
