This extension will need a security review (+need-review)

Cf bug 8390.

Regarding the security review, I note that SMW also is available in a "light" variant that has reduced features but that can already be of some use. This SMWLight extension does not support inline queries and drops some datatypes, but it allows data collection, export, and basic retrieval. SMWLight is much smaller in size (currently about 6000 LOC).

It might be a useful strategy to start reviewing this core component first. There is no packaged release of SMWLight yet -- it is rather a configuration for deploying the complete code that makes many files obsolete. If a package of this abridged version is needed, I can provide it upon request. The fact that SMWLight uses the same files as SMW proper also means that any reviewing effort is also useful toward accomplishing the complete reviewing task.

Well, we are just Wikimedians. What is that security review about and why SMWLight doesnt need such review?

(In reply to comment #4)

Well, we are just Wikimedians. What is that security review about and why
SMWLight doesnt need such review?

It means the code needs to be looked at to make sure it doesn't have any security vulnerabilities. SMWLight would also need one; the reason Markus brought it up is that SMWLight is much less code, so it wouldn't take as long to review.

See https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment for information on what is needed to get an extension reviewed before potentially deploying it on a wikisite.

Marking WONTFIX per bug 8390 comment 24