Mail Archives: geda-user/2017/03/30/03:04:30
On Thu, 30 Mar 2017, Erich Heinzle (a1039181 AT gmail DOT com) [via geda-user AT delorie.com] wrote:
>
>On a practical note, shared executable code like scripts may carry a
>security risk for users.
>
>This poses the obvious question, how might these risks be best minimised,
>regardless of the repo housing them?
>
>Just thinking out loud,

How the web upload currently works: I manually revise every entry
submitted - I hope I can figure malicious script code. If the service gets
more popular, this obviously won't work, but that means we have enough
users to rely on user feedback (and tagging). For any sort of executable
code I may keep the manual revision on for a while even when I already
made data uploads (e.g. footprints, symbols, fonts) automatic.

Svn users are more trusted, they have direct write access.

In the gedasymbols import: I import tools and scripts into svn, but do not
create the .krill files yet so they don't show up on the web page. They
are perfectly accessible from the svn. I expect users who can check out
such a repository also can judge the risks - it's probably not different
from when someone downloads a random github project.

DJ, what's gedasymbols' policy on the scripts?

An interesting corner case is parametric footprints: currently I do not
generate a preview for them because that would mean the server executes
user committed code automatically. I think I will always keep this part manual.

Best regards,
Igor2