Wikimedia Security Team/Security reviews lists three separate processes which are either recommended or required in order to get an extension deployed on Wikimedia servers.
For non-WMF developers it can be unclear what is needed for each review step and how the Security team expects the information to be presented.
Who would benefit
- Anyone unfamiliar with the current review practices, likely meaning extension developers outside of the WMF.
- The security team: Clearer expectations/instructions should hopefully help streamline new external review requests.
Identify one or a few good real-life examples for each process (or at least the latter two) to promote as case studies.