I've filed T133735 as a bug to formalize procedures for security
releases of non-mediawiki bundled wmf-maintained extensions.
On Tue, Apr 26, 2016 at 3:17 PM, bawolff <bawolff+wn(a)gmail.com> wrote:
On Tue, Apr 26, 2016 at 3:08 PM, Ryan Lane
<rlane32(a)gmail.com> wrote:
On Tue, Apr 26, 2016 at 12:01 PM, Alex Monk
<krenair(a)gmail.com> wrote:
It's not an extension that gets bundled with
MediaWiki releases.
That doesn't mean third parties aren't using it. When I say a release of
the extension, I mean give it a version number, increase the version
number, tag it in git, then tell people "ensure you are using version x or
greater of MobileFrontend".
This is a pretty normal process that Wikimedia does well for other things.
I have a feeling this isn't going through a normal process...
I'm pretty sure that doing git tags in extensions for new versions is
not normal procedure.
I can't recall any extension ever doing that (Unless you mean the
REL1_26 type tags).
Which is not to say that I necessarily disagree with doing that
procedure, I just think its unfair to call that the normal procedure,
where I don't think that procedure has ever been used for extensions.
Regardless of what procedures are decided as good practice for
extensions, formalizing the procedures security releases of
non-bundled extensions that are maintained by WMF would probably be a
good idea.
--
-bawolff