On Wed, Oct 14, 2009 at 8:28 PM, Tim Starling tstarling@wikimedia.org wrote: <snip>
Wikimedia has finally stopped checking out the entire extensions directory and exposing it to the web, but there might be other sites out there still doing the same insecure practice. It may make sense to split off an "extensions-contrib" directory where unreviewed extensions can be put, with less chance of jeopardising the security of servers.
<snip>
A similar approach, with slightly different nomenclature, would be to create an "extensions-approved" directory restricted to core contributors for the 60-odd extensions used by Wikimedia.
http://www.mediawiki.org/wiki/Category:Extensions_used_on_Wikimedia
Obviously any extension used on the live site has essentially the same security implications as the core code. As there are already a few hundred extensions in SVN, I think it is fair to regard many existing extensions in SVN as contribs that have never been studied in detail.
-Robert Rohde