On 10/29/2011 04:01 AM, K. Peachey wrote:
On Sat, Oct 29, 2011 at 9:54 AM, Sumana Harihareswara sumanah@wikimedia.org wrote:
- However, I am now ensuring that we are more lenient with extensions
developers than we are with people applying for core commit access. We still, of course, watch out for security issues in submitted code samples!
I might be reading this wrong, But isn't that exactly what we don't want, We want people building extensions even if they have bad security habits in SVN so we can teach them on how to correct them (and other generally improvements) so we know that they have improved the code they are offering to people.
K. Peachey, thanks for making that point. I talked with Tim, Aaron, and Chad about this, and you're right. For extensions, the only criteria for commit access are, should be, and now will be as listed at https://www.mediawiki.org/wiki/Commit_access_requests#Requesting_commit_acce... :
A demonstration that your request is made in good faith. For example, someone may be employing you to work on MediaWiki, or you may be known to the Wikimedia volunteer community by way of past work. Plans to contribute to MediaWiki or extensions in a substantial way. Programming skills appropriate for the type of work you propose to do. Our community will help new participants, especially with MediaWiki-specific skills, but we don't have time to train programmers from scratch. An account on this wiki (www.mediawiki.org) with an authenticated email address set in your Special:Preferences.
We will tell people about security issues we see in their code, and ask them to promise to fix them in the future, but we won't use security problems as a reason to turn them away.
We've also now unified the "tools" and "extensions" Subversion groups; there were a few developers (declerambaul, giovanni, halfak, swalker, whym) who were only in the "tools" group, and those developers now have access to commit to extensions.