[TYPO3-dev] [TYPO3-v4] Removing the feature "Enable extensions without review (basic security check)" from EM

Lars Houmark lars at houmark.com
Wed May 12 22:05:23 CEST 2010


Hi Francois,

François Suter wrote:
> I remember a discussion about this some time ago. I was part of those
> who supported such a change for much the same arguments as you exposed.
> There was however quite a strong opposition, in particular from Security
> Team members IIRC. Some seemed to say that extension review should/would
> be revived, but certainly nothing has happened in the meantime (at least to
> the best of my knowledge).

I should believe that I was in the security team at that point, and 
don't recall any such reluctance from team members. Can you maybe find 
more evidence of such and present me that (or just point me to the last 
discussion)?

I cannot, in any direction I look, see how it would be possible to 
revive security reviews, mainly because reviews will need to be done by 
a human, and that human has to have some special knowledge, in order to 
do it in a way that can be trusted afterwards, meaning a review that is 
actually worth anything.

Also I think the security team has enough work with keeping up with 
reported issues in extensions.

> So I think it's good to have this discussion again and see how the
> situation has evolved a couple of months down the line.

Yeah, and I guess your opinion hasn't changed? ;)

-- 
Lars Houmark




