On 21/02/13 10:18, Denny Vrandečić wrote:
After evaluating different options, we want to use for generating
Wikidata's RDF export the EasyRDF library: <http://www.easyrdf.org/>
We only need a part of it -- whatever deals with serializers. We do not
need parsers, anything to do with SPARQL, etc.
In order to minimize reviewing and potential security holes, is there an
opinion on what is the better approach:
* just use it as a dependency, review it all, and keep it up to date?
* fork the library, cut out what we do not need, and keep up with work
going on the main branch, backporting it, but reducing the used code size
thus?
How is this handled with other libraries, like Solarium, as a reference?
Cheers,
Denny
I would use it as a dependency, and avoid forking our own version from
upstream.
That said, not exposing the files to web requests is probably a good idea.