Under the tag of WP:BOLD I took the liberty of copying the "Page security extension disclaimer" that is put on extension pages whenever an extension uses a legit hook like "usercan" . While I get why the disclaimer is added, the words used in the disclaimer are certainly up for improvements. It now states, whenever you need security, use another package, not MediaWiki. It also brands an extension using legit hooks to be a hack. So I made a simple template "Page security extension disclaimer 2021" that still shares the sames bottomline message : "MediaWiki is not responsible for exposed content", but using words that are more appropriate.
I would like people to review the original disclaimer and the text I have used to come up with a suitable solution.
This looks good.
I edited it a bit for grammar and stuff, but also revised two of the sentences to now say the following.
Neither the developers nor the Wikimedia Foundation are responsible for anything being leaked. By using this extension, you agree to indemnify the aforementioned parties and hold potential negligence by developers harmless. This message is added automatically to all extensions of this nature and may not reflect the actual security status of this extension.
I am not a lawyer, but as far as I am aware, an explicit waiver of negligence is required for a defense to a negligence lawsuit in U.S. courts. In fact, the word negligence being specifically stated will make any defense much stronger. Maybe this should be checked with WMF Legal. This sentence has been added to protect the developers of the extension.
wikitech-l@lists.wikimedia.org