On 21/02/13 10:18, Denny Vrandečić wrote:
After evaluating different options, we want to use for generating Wikidata's RDF export the EasyRDF library: http://www.easyrdf.org/
We only need a part of it -- whatever deals with serializers. We do not need parsers, anything to do with SPARQL, etc.
In order to minimize reviewing and potential security holes, is there an opinion on what is the better approach:
* just use it as a dependency, review it all, and keep it up to date?
* fork the library, cut out what we do not need, and keep up with work going on the main branch, backporting it, but reducing the used code size thus?
How is this handled with other libraries, like Solarium, as a reference?
Cheers, Denny
I would use it as a dependency, avoiding forking our own version from upstream. That said, not exposing the files to web requests is probably a good idea.