X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f
X-Authentication-Warning: envy.delorie.com: dj set sender to dj AT delorie DOT com using -f
From: DJ Delorie <dj AT delorie DOT com>
To: geda-user AT delorie DOT com
Subject: Re: [geda-user] gedasymbols.org and EDAKrill - need your opinion
In-Reply-To: <CAHUm0tMdCrqp3N5rS0eCVAHjUbLWZXesgDjiuyc5iQko689Ebg@mail.gmail.com> (geda-user@delorie.com)
Date: Thu, 30 Mar 2017 02:54:32 -0400
Message-ID: <xn8tnn5k5z.fsf@envy.delorie.com>
MIME-Version: 1.0
Content-Type: text/plain
Reply-To: geda-user AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: geda-user AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk


In the gedasymbols case, uploaded scripts are stored in a location where
the server won't run them.  The scripts that run the server are in a
location where only admins can upload.

Nothing can stop a user from downloading a script and running it without
looking at what it does first.  We, in general, only have to stop users
from uploading scripts that the *server* runs.