2009/9/16 Aryeh Gregor Simetrical+wikilist@gmail.com:
It should be noted, though, that actual demonstrated risk is probably more important to users than theoretical patch response times. For whatever reason, attacks on MediaWiki seem to be comparatively rare. I would be interested in hearing of any real-world attacks anyone knows of -- there must have been *some*, but I've never heard of one.
There was a whacky one a few years ago where one user could spoof another user's IP as far as MediaWiki was concerned, i.e. so that edits by the first users would be attributed in the database as belonging to the second user. I believe that was fixed quick-smart ...
- d.