Date: Thu, 30 Mar 2017 09:07:29 +0200 (CEST)
From: gedau AT igor2 DOT repo DOT hu
To: "Erich Heinzle (a1039181 AT gmail DOT com) [via geda-user AT delorie DOT com]"
Subject: Re: [geda-user] gedasymbols.org and EDAKrill - need your opinion

On Thu, 30 Mar 2017, Erich Heinzle (a1039181 AT gmail DOT com) [via geda-user AT delorie.com] wrote:

>
>On a practical note, shared executable code like scripts may carry a
>security risk for users.
>
>This poses the obvious question, how might these risks be best minimised,
>regardless of the repo housing them?
>
>Just thinking out loud,

How the web upload currently works: I manually revise every entry
submitted - I hope I can figure malicious script code. If the service gets
more popular, this obviously won't work, but that means we have enough
users to rely on user feedback (and tagging). For any sort of executable
code I may keep the manual revision on for a while even when I already
made data uploads (e.g. footprints, symbols, fonts) automatic.

Svn users are more trusted, they have direct write access.
In the gedasymbols import: I import tools and scripts into svn, but do not
create the .krill files yet so they don't show up on the web page. They
are perfectly accessible from the svn. I expect users who can check out
such a repository also can judge the risks - it's probably not different
from when someone downloads a random github project.

DJ, what's gedasymbols' policy on the scripts?

An interesting corner case is parametric footprints: currently I do not
generate preview for them because that would mean the server executes user
committed code automatically. I think I will always keep this part manual.

Best regards,

Igor2