Start from the approved RFC contents. Flesh out details about review process and pre/post-merge security requirements. Put it all on mw.o in an easily discoverable location.
Description
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | Krinkle | T1079 Document process for how to create a library, bootstrap the repo, and add to mediawiki-core
Resolved | | csteipp | T349 Security update planning re Composer managed libraries for use on WMF cluster
Resolved | | csteipp | T74193 Have a check for reported security issues in dependencies
Event Timeline
Comment Actions
There is now a Bugzilla component that should be used to track issues related to the process of adding a new library. At minimum there should be a security review ticket for each library added there so we can keep track of signoffs.
Comment Actions
Following the Phabricator migration, the MediaWiki-Vendor project is the place to track these issues.
Comment Actions
After having helped set up three libraries in the past month, I've updated https://www.mediawiki.org/wiki/Manual:Developing_libraries with all the relevant bits.
The page is getting a bit long. But at least it's all there now.
Comment Actions
Thanks.
So does someone want to make the call whether this ticket is resolved by that, or not?
Comment Actions
Yep. And we also have a Yeoman generator now thanks to @ori (generator-wikimedia-php-library).