Naleksuh has advanced knowledge of PHP scripting language, and would easily be able to spot security risks/deployment blockers. While I have not personally seen their knowledge/expirence first-hand, from my own interaction with them and from what I've heard from others, they do seem to know what they are talking about, and do have a least to some degree, knowledge of PHP, and will be able to preform this task. I have asked Naleksuh to comment to this task to confirm, as well as to begin a test review going off the basis of what @Southparkfan requested of me and SamanthaNguyen to hopefully make this task go smoothly and speed up the approval process. Thank you!
While my work in core has been primarily propositions, I like to work on solutions to problems and I have contributed to a number of floating extensions with my specialty being access levels. Me and Universal Omega were also going to make an extension that fixes bypassing create protection, although this is postponed due to IRL issues.
I am told the review process centers around commenting on extensions currently in queue. Are there any other extensions pending addition that I may review?
@Universal_Omega I could be wrong, but when I saw that @Southparkfan assigned this Phabricator ticket to you, he might have been suggesting for you to pick an extension in the queue for @Naleksuh to review, perhaps, and that, though the final approval decision of @Naleksuh as a security reviewer would rest with @Southparkfan and the Site Reliability Engineering team (who, in practice, essentially defer to Southparkfan with regard to such matters), he values your input and would give it a great deal of weight in the approval decision. On the other hand, I may have read too much into him handing off this Phabricator ticket to you, and be completely wrong, which is totally fine.
As far as @Naleksuh's security reviewer application goes, though I realize I have no real input into this, I will just say that I encouraged Naleksuh to put his name forward as a security reviewer, acknowledging his php coding experience and, in part, because of the discussion the three of us had about him potentially developing an extension with @Universal_Omega. Together with @SamanthaNguyen and @Universal_Omega, I think it would be absolutely wonderful to have three new experienced security reviewers on the team, all in the span of 3-4 months.
I suppose you can do a test review of an extension. But keep in mind I say this in no official capacity and @Southparkfan holds the overall decision. You can pick one from Extensions if you wish. But again, I do not say this under official capacity in any way.
Quoting Southparkfan from my own request,
Hey there. Per the last comment by Universal Omega, I was somewhat under the impression that I was waiting on a response from Southparkfan. If that is not the case, should I proceed as Universal Omega suggested?
@Universal_Omega Since we now have T6700 in the extension review queue, could this be an appropriate extension for @Naleksuh and @R4356th to post their security reviews in their respective requests? Whether we install the extension is another matter, but don't really need to install an extension; we just need to have an extension for them to review
Unfortunately and regrettably I must decline this now, after a conversation I had with @Southparkfan on IRC, we can't really approve this without evidence that shows your knowledge and abilities to preform in this capacity. If you do feel you can provide such evidence, do feel free to reopen and it'll later be considered. Thank you!
It's not the lack of extensions to review. Reviewing an extension is not necessarily, solely enough. You'll need to show your own PHP, etc.. skills as well, at least from my understanding. Security reviewer is a serious job on there must be serious consideration in the matter of approving or declining security reviewer requests.